repository: nexus3.onap.org:10001
repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
# readiness check
- readinessRepository: oomk8s
+ readinessImage: onap/oom/readiness:3.0.1
# logging agent
loggingRepository: docker.elastic.co
--- /dev/null
+Project,ONAP Certificate,Own Certificate,MSB Certificate,Path
+AAF,No,Yes,No,aaf/charts/aaf-cert-service/resources/
+AAF,Yes,No,No,aaf/components/aaf-sms/resources/certs/intermediate_root_ca.pem
+AAI,Yes,No,No,aai/oom/resources/config/haproxy/aai.pem
+AAI,Yes,No,No,aai/oom/resources/config/aai/aai_keystore
+AAI/SEARCH-DATA,Yes,No,No,aai/oom/components/aai-search-data/resources/config/auth/tomcat_keystore
+AAI/SPARKY-BE,Yes,No,No,aai/oom/components/aai-spary-be/resources/config/auth/org.onap.aai.p12
+AAI/BABEL,No,Yes,No,aai/oom/components/aai-babel/resources/config/auth/tomcat_keystore
+AAI/MODEL-LOADER,Yes,Yes,No,aai/oom/components/aai-model-loaderresources/config/auth/tomcat_keystore
+APPC,Yes,No,No,kubernetes/appc/resources/config/certs/org.onap.appc.keyfile
+APPC,Yes,No,No,kubernetes/appc/resources/config/certs/org.onap.appc.p12
+certInitializer,Yes,No,No,kubernetes/common/certInitializer/resources
+MSB,Yes,No?,Yes,kubernetes/msb/resources/config/certificates
+MUSIC,Yes,No?,No?,kubernetes/common/music/charts/music/resources/keys/
+SDC,Yes,No?,No?,kubernetes/sdc/resources/cert
+SO,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/BPMN,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/Catalog,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/Monitoring,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/OpenStack,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/RequestDb,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/SDC,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/SDNC,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/VE/VNFM,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/VFC,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/VNFM,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/VNFM,No,Yes?,Yes,kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks
+VID,No,Yes,No,kubernetes/vid/resources/cert
+OOF/OOF-CMSO,Yes,No,No,kubernetes/oof/charts/oof-cmso/resources/certs
+OOF/OOF-HAS,Yes,No,No,kubernetes/oof/charts/oof-has/resources/config
+OOF/OOF-OSDF,Yes,No,No,kubernetes/oof/resources/config
+CLI,No,Yes,No,kubernetes/cli/resources/certificates
-.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. This work is licensed under a Creative Commons Attribution 4.0
+.. International License.
.. http://creativecommons.org/licenses/by/4.0
-.. Copyright 2018 Amdocs, Bell Canada
+.. Copyright 2018-2020 Amdocs, Bell Canada, Orange, Samsung
.. _master_index:
.. This work is licensed under a Creative Commons Attribution 4.0
.. International License.
.. http://creativecommons.org/licenses/by/4.0
-.. Copyright 2019 Amdocs, Bell Canada
+.. Copyright 2019-2020 Amdocs, Bell Canada, Orange, Samsung
.. _oom_cloud_setup_guide:
.. Links
.. - IBM, and
.. - `Openstack`_.
..
-.. #. Alternatively, OOM can be deployed on a private set of physical hosts or VMs
-.. (or even a combination of the two). The following guides describe how to
-.. create a Kubernetes cluster with popular tools:
+.. #. Alternatively, OOM can be deployed on a private set of physical hosts or
+.. VMs (or even a combination of the two). The following guides describe how
+.. to create a Kubernetes cluster with popular tools:
..
.. - `Setting up Kubernetes with Rancher`_ (recommended)
.. - `Setting up Kubernetes with Kubeadm`_
combination of the two). The following guide describe the recommended method to
setup a Kubernetes cluster: :ref:`onap-on-kubernetes-with-rancher`.
-There are alternative deployment methods described on the `Cloud Native Deployment Wiki`_
+There are alternative deployment methods described on the
+`Cloud Native Deployment Wiki`_
-.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. This work is licensed under a Creative Commons Attribution 4.0
+.. International License.
.. http://creativecommons.org/licenses/by/4.0
-.. Copyright 2018 Amdocs, Bell Canada
+.. Copyright 2018-2020 Amdocs, Bell Canada, Orange, Samsung
.. Links
.. _Helm: https://docs.helm.sh/
You can use either `charts` or `components` folder for your subcomponents.
`charts` folder means that the subcomponent will always been deployed.
-`components` folders means we can choose if we want to deploy the sub component.
+`components` folders means we can choose if we want to deploy the
+subcomponent.
This choice is done in root `values.yaml`:
app.kubernetes.io/instance: my-deployment-name-of-my-component
type: NodePort
-In the deployment or statefulSet file, you needs to set the good labels in order
-for the service to match the pods.
+In the deployment or statefulSet file, you needs to set the good labels in
+order for the service to match the pods.
-here's an example to be sure it matchs (for a statefulSet):
+here's an example to be sure it matches (for a statefulSet):
.. code-block:: yaml
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- so-mariadb
integration will be done:
A registrator to push the service endpoint info to MSB service
-discovery.
+discovery.
- The needed service endpoint info is put into the kubernetes yaml file
as annotation, including service name, Protocol,version, visual
-.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. This work is licensed under a Creative Commons Attribution 4.0
+.. International License.
.. http://creativecommons.org/licenses/by/4.0
-.. Copyright 2018 Amdocs, Bell Canada
+.. Copyright 2018 Amdocs, Bell Canada, 2020 Nokia Solutions and Networks
.. Links
-.. _hardcoded-certiticates-label:
+.. _hardcoded-certificates-label:
ONAP Hardcoded certificates
###########################
ONAP current installation have hardcoded certificates.
Here's the list of these certificates:
- +-----------------------------------------------------------------------------------------------------------------------------------------------------+
- | Project | ONAP Certificate | Own Certificate | MSB Certificate | Path |
- +==================+==================+==================+============================================================================================+
- | AAF | No | Yes | No | aaf/charts/aaf-cert-service/resources/ |
- +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
- | AAF | Yes | No | No | aaf/components/aaf-sms/resources/certs/intermediate_root_ca.pem |
- +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
- | AAI | Yes | No | No | aai/oom/resources/config/haproxy/aai.pem |
- +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
- | AAI | Yes | No | No | aai/oom/resources/config/aai/aai_keystore |
- +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
- | AAI/SEARCH-DATA | Yes | No | No | aai/oom/components/aai-search-data/resources/config/auth/tomcat_keystore |
- +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
- | AAI/SPARKY-BE | Yes | No | No | aai/oom/components/aai-spary-be/resources/config/auth/org.onap.aai.p12 |
- +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
- | AAI/BABEL | No | Yes | No | aai/oom/components/aai-babel/resources/config/auth/tomcat_keystore |
- +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
- | AAI/MODEL-LOADER | Yes | Yes | No | aai/oom/components/aai-model-loaderresources/config/auth/tomcat_keystore |
- +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
- | APPC | Yes | No | No | kubernetes/appc/resources/config/certs/org.onap.appc.keyfile |
- +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
- | APPC | Yes | No | No | kubernetes/appc/resources/config/certs/org.onap.appc.p12 |
- +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
- | certInitializer | Yes | No | No | kubernetes/common/certInitializer/resources |
- +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
- | MSB | Yes | No? | Yes | kubernetes/msb/resources/config/certificates |
- +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
- | MUSIC | Yes | No? | No? | kubernetes/common/music/charts/music/resources/keys/ |
- +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
- | SDC | Yes | No? | No? | kubernetes/sdc/resources/cert |
- +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
- | SO | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
- +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
- | SO/BPMN | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
- +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
- | SO/Catalog | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
- +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
- | SO/Monitoring | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
- +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
- | SO/OpenStack | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
- +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
- | SO/RequestDb | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
- +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
- | SO/SDC | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
- +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
- | SO/SDNC | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
- +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
- | SO/VE/VNFM | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
- +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
- | SO/VFC | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
- +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
- | SO/VNFM | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
- +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
- | SO/VNFM | No | Yes? | Yes | kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks |
- +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
- | VID | No | Yes | No | kubernetes/vid/resources/cert |
- +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
- | OOF/OOF-CMSO | Yes | No | No | kubernetes/oof/charts/oof-cmso/resources/certs |
- +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
- | OOF/OOF-HAS | Yes | No | No | kubernetes/oof/charts/oof-has/resources/config |
- +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
- | OOF/OOF-OSDF | Yes | No | No | kubernetes/oof/resources/config |
- +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
- | CLI | No | Yes | No | kubernetes/cli/resources/certificates |
- +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+.. csv-table::
+ :file: hardcoded_certificates.csv
-.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. This work is licensed under a Creative Commons Attribution 4.0
+.. International License.
.. http://creativecommons.org/licenses/by/4.0
-.. Copyright 2018 Amdocs, Bell Canada
+.. Copyright 2018-2020 Amdocs, Bell Canada, Orange, Samsung
.. _oom_project_description:
ONAP Operations Manager Project
- **Deploy** - with built-in component dependency management
- **Configure** - unified configuration across all ONAP components
-- **Monitor** - real-time health monitoring feeding to a Consul UI and Kubernetes
+- **Monitor** - real-time health monitoring feeding to a Consul UI and
+ Kubernetes
- **Heal**- failed ONAP containers are recreated automatically
- **Scale** - cluster ONAP services to enable seamless scaling
-- **Upgrade** - change-out containers or configuration with little or no service impact
+- **Upgrade** - change-out containers or configuration with little or no
+ service impact
- **Delete** - cleanup individual containers or entire deployments
OOM supports a wide variety of Kubernetes private clouds - built with Rancher,
-Kubeadm or Cloudify - and public cloud infrastructures such as: Microsoft Azure,
-Amazon AWS, Google GCD, VMware VIO, and Openstack.
+Kubeadm or Cloudify - and public cloud infrastructures such as: Microsoft
+Azure, Amazon AWS, Google GCD, VMware VIO, and OpenStack.
-The OOM documentation is broken into four different areas each targeted at a different user:
+The OOM documentation is broken into four different areas each targeted at a
+different user:
- :ref:`quick-start-label` - deploy ONAP on an existing cloud
- :ref:`user-guide-label` - a guide for operators of an ONAP instance
- :ref:`developer-guide-label` - a guide for developers of OOM and ONAP
-- :ref:`cloud-setup-guide-label` - a guide for those setting up cloud environments that ONAP will use
-- :ref:`hardcoded-certiticates-label` - the list of all hardcoded certificates sets in ONAP installation
+- :ref:`cloud-setup-guide-label` - a guide for those setting up cloud
+ environments that ONAP will use
+- :ref:`hardcoded-certificates-label` - the list of all hardcoded certificates
+ set in ONAP installation
The :ref:`release_notes` for OOM describe the incremental features per release.
.. This work is licensed under a
.. Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
-.. Copyright 2019 Amdocs, Bell Canada
+.. Copyright 2019-2020 Amdocs, Bell Canada, Orange, Samsung
.. _oom_quickstart_guide:
.. _quick-start-label:
.. figure:: oomLogoV2-medium.png
:align: right
-Once a kubernetes environment is available (follow the instructions in
+Once a Kubernetes environment is available (follow the instructions in
:ref:`cloud-setup-guide-label` if you don't have a cloud environment
available), follow the following instructions to deploy ONAP.
> git clone -b <BRANCH> http://gerrit.onap.org/r/oom --recurse-submodules
> cd oom/kubernetes
-where <BRANCH> can be an offical release tag, such as
+where <BRANCH> can be an official release tag, such as
* 4.0.0-ONAP for Dublin
* 5.0.1-ONAP for El Alto
> sudo cp -R ~/oom/kubernetes/helm/plugins/ ~/.helm
-**Step 3.** Customize the helm charts like `oom/kubernetes/onap/values.yaml` or an override
-file like `onap-all.yaml`, `onap-vfw.yaml` or `openstack.yaml` file to suit your deployment
-with items like the OpenStack tenant information.
+**Step 3.** Customize the Helm charts like `oom/kubernetes/onap/values.yaml` or
+an override file like `onap-all.yaml`, `onap-vfw.yaml` or `openstack.yaml` file
+to suit your deployment with items like the OpenStack tenant information.
.. note::
Standard and example override files (e.g. `onap-all.yaml`, `openstack.yaml`) can be found in
the ``enabled: true/false`` flags.
- b. Encrypt the OpenStack password using the shell tool for robot and put it in
- the robot helm charts or robot section of `openstack.yaml`
+ b. Encrypt the OpenStack password using the shell tool for Robot and put it in
+ the Robot Helm charts or Robot section of `openstack.yaml`
- c. Encrypt the OpenStack password using the java based script for SO helm charts
+ c. Encrypt the OpenStack password using the java based script for SO Helm charts
or SO section of `openstack.yaml`.
- d. Update the OpenStack parameters that will be used by robot, SO and APPC helm
+ d. Update the OpenStack parameters that will be used by Robot, SO and APPC Helm
charts or use an override file to replace them.
e. Add in the command line a value for the global master password (global.masterPassword).
b. Generating ROBOT Encrypted Password:
-The ROBOT encrypted Password uses the same encryption.key as SO but an
+The Robot encrypted Password uses the same encryption.key as SO but an
openssl algorithm that works with the python based Robot Framework.
.. note::
- To generate ROBOT ``openStackEncryptedPasswordHere``::
+ To generate Robot ``openStackEncryptedPasswordHere``::
cd so/resources/config/mso/
/oom/kubernetes/so/resources/config/mso# echo -n "<openstack tenant password>" | openssl aes-128-ecb -e -K `cat encryption.key` -nosalt | xxd -c 256 -p``
c. Generating SO Encrypted Password:
The SO Encrypted Password uses a java based encryption utility since the
Java encryption library is not easy to integrate with openssl/python that
-ROBOT uses in Dublin and upper versions.
+Robot uses in Dublin and upper versions.
.. note::
To generate SO ``openStackEncryptedPasswordHere`` and ``openStackSoEncryptedPassword``
d. Update the OpenStack parameters:
-There are assumptions in the demonstration VNF heat templates about the networking
-available in the environment. To get the most value out of these templates and the
-automation that can help confirm the setup is correct, please observe the following
-constraints.
+There are assumptions in the demonstration VNF Heat templates about the
+networking available in the environment. To get the most value out of these
+templates and the automation that can help confirm the setup is correct, please
+observe the following constraints.
``openStackPublicNetId:``
- This network should allow heat templates to add interfaces.
- This need not be an external network, floating IPs can be assigned to the ports on
- the VMs that are created by the heat template but its important that neutron allow
- ports to be created on them.
+ This network should allow Heat templates to add interfaces.
+ This need not be an external network, floating IPs can be assigned to the
+ ports on the VMs that are created by the heat template but its important that
+ neutron allow ports to be created on them.
``openStackPrivateNetCidr: "10.0.0.0/16"``
- This ip address block is used to assign OA&M addresses on VNFs to allow ONAP connectivity.
- The demonstration heat templates assume that 10.0 prefix can be used by the VNFs and the
- demonstration ip addressing plan embodied in the preload template prevent conflicts when
- instantiating the various VNFs. If you need to change this, you will need to modify the preload
- data in the robot helm chart like integration_preload_parametes.py and the demo/heat/preload_data
- in the robot container. The size of the CIDR should be sufficient for ONAP and the VMs you expect
- to create.
+ This ip address block is used to assign OA&M addresses on VNFs to allow ONAP
+ connectivity. The demonstration Heat templates assume that 10.0 prefix can be
+ used by the VNFs and the demonstration ip addressing plan embodied in the
+ preload template prevent conflicts when instantiating the various VNFs. If
+ you need to change this, you will need to modify the preload data in the
+ Robot Helm chart like integration_preload_parameters.py and the
+ demo/heat/preload_data in the Robot container. The size of the CIDR should
+ be sufficient for ONAP and the VMs you expect to create.
``openStackOamNetworkCidrPrefix: "10.0"``
- This ip prefix mush match the openStackPrivateNetCidr and is a helper variable to some of the
- robot scripts for demonstration. A production deployment need not worry about this
- setting but for the demonstration VNFs the ip asssignment strategy assumes 10.0 ip prefix.
-
+ This ip prefix mush match the openStackPrivateNetCidr and is a helper
+ variable to some of the Robot scripts for demonstration. A production
+ deployment need not worry about this setting but for the demonstration VNFs
+ the ip asssignment strategy assumes 10.0 ip prefix.
Example Keystone v2.0
.. literalinclude:: helm-search.txt
.. note::
- The setup of the Helm repository is a one time activity. If you make changes to your deployment charts or values be sure to use ``make`` to update your local Helm repository.
+ The setup of the Helm repository is a one time activity. If you make changes
+ to your deployment charts or values be sure to use ``make`` to update your
+ local Helm repository.
**Step 8.** Once the repo is setup, installation of ONAP can be done with a
single command
> cd oom/kubernetes
> helm deploy dev local/onap --namespace onap --set global.masterPassword=myAwesomePasswordThatINeedToChange -f onap/resources/overrides/onap-all.yaml -f onap/resources/overrides/environment.yaml -f onap/resources/overrides/openstack.yaml --timeout 900
-All override files may be customized (or replaced by other overrides) as per needs.
+All override files may be customized (or replaced by other overrides) as per
+needs.
`onap-all.yaml`
- Enables the modules in the ONAP deployment. As ONAP is very modular, it is possible to customize ONAP and disable some components through this configuration file.
+ Enables the modules in the ONAP deployment. As ONAP is very modular, it is
+ possible to customize ONAP and disable some components through this
+ configuration file.
`onap-all-ingress-nginx-vhost.yaml`
- Alternative version of the `onap-all.yaml` but with global ingress controller enabled. It requires the cluster configured with the nginx ingress controller and load balancer.
- Please use this file instad `onap-all.yaml` if you want to use experimental ingress controller feature.
+ Alternative version of the `onap-all.yaml` but with global ingress controller
+ enabled. It requires the cluster configured with the nginx ingress controller
+ and load balancer. Please use this file instead `onap-all.yaml` if you want
+ to use experimental ingress controller feature.
`environment.yaml`
Includes configuration values specific to the deployment environment.
- Example: adapt readiness and liveness timers to the level of performance of your infrastructure
+ Example: adapt readiness and liveness timers to the level of performance of
+ your infrastructure
`openstack.yaml`
- Includes all the Openstack related information for the default target tenant you want to use to deploy VNFs from ONAP and/or additional parameters for the embedded tests.
+ Includes all the OpenStack related information for the default target tenant
+ you want to use to deploy VNFs from ONAP and/or additional parameters for the
+ embedded tests.
**Step 9.** Verify ONAP installation
-Use the following to monitor your deployment and determine when ONAP is ready for use::
+Use the following to monitor your deployment and determine when ONAP is ready
+for use::
> kubectl get pods -n onap -o=wide
> ~/oom/kubernetes/robot/ete-k8s.sh onap health
-**Step 10.** Undeploy ONAP::
+**Step 10.** Undeploy ONAP
+::
> helm undeploy dev --purge
-.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. This work is licensed under a Creative Commons Attribution 4.0
+.. International License.
.. http://creativecommons.org/licenses/by/4.0
.. Copyright 2020, Samsung Electronics
Ingress controller setup on HA Kubernetes Cluster
#################################################
-This guide provides instruction how to setup experimental ingress controller feature.
-For this, we are hosting our cluster on OpenStack VMs and using the Rancher Kubernetes Engine (RKE)
-to deploy and manage our Kubernetes Cluster and ingress controller
+This guide provides instruction how to setup experimental ingress controller
+feature. For this, we are hosting our cluster on OpenStack VMs and using the
+Rancher Kubernetes Engine (RKE) to deploy and manage our Kubernetes Cluster and
+ingress controller
.. contents::
:depth: 1
#. Customization of the cluster.yaml file for ingress controller support
-#. Installation and configuration test DNS server for ingress host resolution on testing machines
+#. Installation and configuration test DNS server for ingress host resolution
+ on testing machines
-#. Instalation and configuration MLB (Metal Load Balancer) required for exposing ingress service
+#. Installation and configuration MLB (Metal Load Balancer) required for
+ exposing ingress service
-#. Instalation and configuration NGINX ingress controller
+#. Installation and configuration NGINX ingress controller
-#. Additional info howto deploy onap with services exposed via Ingress controller
+#. Additional info how to deploy ONAP with services exposed via Ingress
+ controller
Customize cluster.yml file
-===========================
-Before setup cluster for ingress purposes DNS cluster IP and ingress provider should be configured and follwing:
+==========================
+Before setup cluster for ingress purposes DNS cluster IP and ingress provider
+should be configured and following:
.. code-block:: yaml
- <...>
- restore:
- restore: false
- snapshot_name: ""
- ingress:
- provider: none
- dns:
- provider: coredns
- upstreamnameservers:
- - <custer_dns_ip>:31555
-
-Where the <cluster_dns_ip> should be set to the same IP as the CONTROLPANE node.
-
-For external load balacer purposes minimum one of the worker node should be configured with external IP
-address accessible outside the cluster. It can be done using the following example node configuration:
+
+ ---
+ <...>
+ restore:
+ restore: false
+ snapshot_name: ""
+ ingress:
+ provider: none
+ dns:
+ provider: coredns
+ upstreamnameservers:
+ - <custer_dns_ip>:31555
+
+Where the <cluster_dns_ip> should be set to the same IP as the CONTROLPANE
+node.
+
+For external load balancer purposes, minimum one of the worker node should be
+configured with external IP address accessible outside the cluster. It can be
+done using the following example node configuration:
.. code-block:: yaml
- <...>
- - address: <external_ip>
- internal_address: <internal_ip>
- port: "22"
- role:
- - worker
- hostname_override: "onap-worker-0"
- user: ubuntu
- ssh_key_path: "~/.ssh/id_rsa"
- <...>
-Where the <external_ip> is external worker node IP address, and <internal_ip> is internal node IP address if it is required
+ ---
+ <...>
+ - address: <external_ip>
+ internal_address: <internal_ip>
+ port: "22"
+ role:
+ - worker
+ hostname_override: "onap-worker-0"
+ user: ubuntu
+ ssh_key_path: "~/.ssh/id_rsa"
+ <...>
+Where the <external_ip> is external worker node IP address, and <internal_ip>
+is internal node IP address if it is required.
-DNS server configuration and instalation
-========================
-DNS server deployed on the Kubernetes cluster makes it easy to use services exposed through ingress controller because it
-resolves all subdomain related to the onap cluster to the load balancer IP.
-Testing ONAP cluster requires a lot of entries on the target machines in the /etc/hosts.
-Adding many entries into the configuration files on testing machines is quite problematic and error prone.
-The better wait is to create central DNS server with entries for all virtual host pointed to simpledemo.onap.org and add custom DNS server as a target DNS server for testing machines and/or as external DNS for kubernetes cluster.
+DNS server configuration and installation
+=========================================
+DNS server deployed on the Kubernetes cluster makes it easy to use services
+exposed through ingress controller because it resolves all subdomain related to
+the ONAP cluster to the load balancer IP. Testing ONAP cluster requires a lot
+of entries on the target machines in the /etc/hosts. Adding many entries into
+the configuration files on testing machines is quite problematic and error
+prone. The better wait is to create central DNS server with entries for all
+virtual host pointed to simpledemo.onap.org and add custom DNS server as a
+target DNS server for testing machines and/or as external DNS for Kubernetes
+cluster.
-DNS server has automatic instalation and configuration script, so instalation is quite easy::
+DNS server has automatic installation and configuration script, so installation
+is quite easy::
- > cd kubernetes/contrib/dns-server-for-vhost-ingress-testing
+ > cd kubernetes/contrib/dns-server-for-vhost-ingress-testing
- > ./deploy\_dns.sh
+ > ./deploy\_dns.sh
After DNS deploy you need to setup DNS entry on the target testing machine.
Because DNS listen on non standard port configuration require iptables rules
-on the target machine. Please follow the configuation proposed by the deploy scripts
+on the target machine. Please follow the configuration proposed by the deploy
+scripts.
Example output depends on the IP address and example output looks like bellow::
-
- DNS server already deployed:
- 1. You can add the DNS server to the target machine using following commands:
- sudo iptables -t nat -A OUTPUT -p tcp -d 192.168.211.211 --dport 53 -j DNAT --to-destination 10.10.13.14:31555
- sudo iptables -t nat -A OUTPUT -p udp -d 192.168.211.211 --dport 53 -j DNAT --to-destination 10.10.13.14:31555
- sudo sysctl -w net.ipv4.conf.all.route_localnet=1
- sudo sysctl -w net.ipv4.ip_forward=1
- 2. Update /etc/resolv.conf file with nameserver 192.168.211.211 entry on your target machine
+ DNS server already deployed:
+ 1. You can add the DNS server to the target machine using following commands:
+ sudo iptables -t nat -A OUTPUT -p tcp -d 192.168.211.211 --dport 53 -j DNAT --to-destination 10.10.13.14:31555
+ sudo iptables -t nat -A OUTPUT -p udp -d 192.168.211.211 --dport 53 -j DNAT --to-destination 10.10.13.14:31555
+ sudo sysctl -w net.ipv4.conf.all.route_localnet=1
+ sudo sysctl -w net.ipv4.ip_forward=1
+ 2. Update /etc/resolv.conf file with nameserver 192.168.211.211 entry on your target machine
-MetalLB Load Balancer instalation and configuration
+MetalLB Load Balancer installation and configuration
====================================================
-By default pure Kubernetes cluster requires external load balancer if we want to expose
-external port using LoadBalancer settings. For this purpose MetalLB can be used.
-Before installing the MetalLB you need to ensure that at least one worker has assigned IP acessible outside the cluster.
+By default pure Kubernetes cluster requires external load balancer if we want
+to expose external port using LoadBalancer settings. For this purpose MetalLB
+can be used. Before installing the MetalLB you need to ensure that at least one
+worker has assigned IP accessible outside the cluster.
-MetalLB Load balanancer can be easily installed using automatic install script::
+MetalLB Load balancer can be easily installed using automatic install script::
- > cd kubernetes/contrib/metallb-loadbalancer-inst
+ > cd kubernetes/contrib/metallb-loadbalancer-inst
- > ./install-metallb-on-cluster.sh
+ > ./install-metallb-on-cluster.sh
-Configuration NGINX ingress controller
+Configuration Ngninx ingress controller
=======================================
-After installation DNS server and ingress controller we can install and configure ingress controller.
+After installation DNS server and ingress controller we can install and
+configure ingress controller.
It can be done using the following commands::
- > cd kubernetes/contrib/ingress-nginx-post-inst
+ > cd kubernetes/contrib/ingress-nginx-post-inst
- > kubectl apply -f nginx_ingress_cluster_config.yaml
+ > kubectl apply -f nginx_ingress_cluster_config.yaml
- > kubectl apply -f nginx_ingress_enable_optional_load_balacer_service.yaml
+ > kubectl apply -f nginx_ingress_enable_optional_load_balacer_service.yaml
-After deploy NGINX ingress controller you can ensure that the ingress port is exposed as load balancer service
-with external IP address::
+After deploy NGINX ingress controller you can ensure that the ingress port is
+exposed as load balancer service with external IP address::
- > kubectl get svc -n ingress-nginx
- NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
- default-http-backend ClusterIP 10.10.10.10 <none> 80/TCP 25h
- ingress-nginx LoadBalancer 10.10.10.11 10.12.13.14 80:31308/TCP,443:30314/TCP 24h
+ > kubectl get svc -n ingress-nginx
+ NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
+ default-http-backend ClusterIP 10.10.10.10 <none> 80/TCP 25h
+ ingress-nginx LoadBalancer 10.10.10.11 10.12.13.14 80:31308/TCP,443:30314/TCP 24h
ONAP with ingress exposed services
-=====================================
-If you want to deploy onap with services exposed through ingress controller you can use full onap deploy script::
- > onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml
+==================================
+If you want to deploy onap with services exposed through ingress controller you
+can use full onap deploy script::
+
+ > onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml
Ingress also can be enabled on any onap setup override using following code:
.. code-block:: yaml
- <...>
- #ingress virtualhost based configuration
- global:
- <...>
- ingress:
- enabled: true
+
+ ---
+ <...>
+ #ingress virtualhost based configuration
+ global:
+ <...>
+ ingress:
+ enabled: true
-.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. This work is licensed under a Creative Commons Attribution 4.0
+.. International License.
.. http://creativecommons.org/licenses/by/4.0
-.. Copyright 2018 Amdocs, Bell Canada
+.. Copyright 2018-2020 Amdocs, Bell Canada, Orange, Samsung
.. Links
.. _HELM Best Practices Guide: https://docs.helm.sh/chart_best_practices/#requirements
ONAP on HA Kubernetes Cluster
#############################
-This guide provides instructions on how to setup a Highly-Available Kubernetes Cluster.
-For this, we are hosting our cluster on OpenStack VMs and using the Rancher Kubernetes Engine (RKE)
-to deploy and manage our Kubernetes Cluster.
+This guide provides instructions on how to setup a Highly-Available Kubernetes
+Cluster. For this, we are hosting our cluster on OpenStack VMs and using the
+Rancher Kubernetes Engine (RKE) to deploy and manage our Kubernetes Cluster.
.. contents::
:depth: 1
#. Installation and configuration of kubectl
-#. Installation and configuration of helm
+#. Installation and configuration of Helm
#. Creation of an NFS Server to be used by ONAP as shared persistance
-There are many ways one can execute the above steps. Including automation through the use of HEAT to setup the OpenStack VMs.
-To better illustrate the steps involved, we have captured the manual creation of such an environment using the ONAP Wind River Open Lab.
+There are many ways one can execute the above steps. Including automation
+through the use of HEAT to setup the OpenStack VMs. To better illustrate the
+steps involved, we have captured the manual creation of such an environment
+using the ONAP Wind River Open Lab.
Create Key Pair
===============
.. image:: images/keys/key_pair_1.png
.. Note::
- If you're creating a new Key Pair, ensure to create a local copy of the Private Key through the use of "Copy Private Key to Clipboard".
+ If you're creating a new Key Pair, ensure to create a local copy of the
+ Private Key through the use of "Copy Private Key to Clipboard".
For the purpose of this guide, we will assume a new local key called "onap-key"
-has been downloaded and is copied into **~/.ssh/**, from which it can be referenced.
+has been downloaded and is copied into **~/.ssh/**, from which it can be
+referenced.
Example::
Create Kubernetes Worker VMs
============================
The following instructions describe how to create OpenStack VMs to host the
-Highly-Available Kubernetes Workers. ONAP workloads will only be scheduled on these nodes.
+Highly-Available Kubernetes Workers. ONAP workloads will only be scheduled on
+these nodes.
Launch new VM instances
-----------------------
-The number and size of Worker VMs is depenedent on the size of the ONAP deployment.
-By default, all ONAP applications are deployed. It's possible to customize the deployment
-and enable a subset of the ONAP applications. For the purpose of this guide, however,
-we will deploy 12 Kubernetes Workers that have been sized to handle the entire ONAP
-application workload.
+The number and size of Worker VMs is dependent on the size of the ONAP
+deployment. By default, all ONAP applications are deployed. It's possible to
+customize the deployment and enable a subset of the ONAP applications. For the
+purpose of this guide, however, we will deploy 12 Kubernetes Workers that have
+been sized to handle the entire ONAP application workload.
.. image:: images/wk_vms/worker_1.png
Apply customization script for Kubernetes VM(s)
-----------------------------------------------
-Click :download:`openstack-k8s-workernode.sh <openstack-k8s-workernode.sh>` to download the
-script.
+Click :download:`openstack-k8s-workernode.sh <openstack-k8s-workernode.sh>` to
+download the script.
.. literalinclude:: openstack-k8s-workernode.sh
:language: bash
https://storage.googleapis.com/kubernetes-release/release/v1.15.11/bin/linux/amd64/kubectl
https://storage.googleapis.com/kubernetes-release/release/v1.15.11/bin/darwin/amd64/kubectl
-You only need to install kubectl where you'll launch kubernetes command. This
-can be any machines of the kubernetes cluster or a machine that has IP access
+You only need to install kubectl where you'll launch Kubernetes command. This
+can be any machines of the Kubernetes cluster or a machine that has IP access
to the APIs.
Usually, we use the first controller as it has also access to internal
Kubernetes services, which can be convenient.
Apply customization script for NFS Server VM
--------------------------------------------
-Click :download:`openstack-nfs-server.sh <openstack-nfs-server.sh>` to download the
-script.
+Click :download:`openstack-nfs-server.sh <openstack-nfs-server.sh>` to download
+the script.
.. literalinclude:: openstack-nfs-server.sh
:language: bash
ONAP Deployment via OOM
=======================
-Now that kubernetes and Helm are installed and configured you can prepare to
+Now that Kubernetes and Helm are installed and configured you can prepare to
deploy ONAP. Follow the instructions in the README.md_ or look at the official
documentation to get started:
-.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. This work is licensed under a Creative Commons Attribution 4.0
+.. International License.
.. http://creativecommons.org/licenses/by/4.0
-.. Copyright 2018 Amdocs, Bell Canada
+.. Copyright 2018-2020 Amdocs, Bell Canada, Orange, Samsung
.. _oom_user_guide:
.. Links
- Monitor_ - real-time health monitoring feeding to a Consul UI and Kubernetes
- Heal_- failed ONAP containers are recreated automatically
- Scale_ - cluster ONAP services to enable seamless scaling
-- Upgrade_ - change-out containers or configuration with little or no service impact
+- Upgrade_ - change-out containers or configuration with little or no service
+ impact
- Delete_ - cleanup individual containers or entire deployments
.. figure:: oomLogoV2-Deploy.png
------------------------------------------------------------
The ONAP deployment created by OOM operates in a private IP network that isn't
-publicly accessible (i.e. Openstack VMs with private internal network) which
+publicly accessible (i.e. OpenStack VMs with private internal network) which
blocks access to the ONAP Portal. To enable direct access to this Portal from a
user's own environment (a laptop etc.) the portal application's port 8989 is
exposed through a `Kubernetes LoadBalancer`_ object.
Typically, to be able to access the Kubernetes nodes publicly a public address
-is assigned. In Openstack this is a floating IP address.
+is assigned. In OpenStack this is a floating IP address.
When the `portal-app` chart is deployed a Kubernetes service is created that
instantiates a load balancer. The LB chooses the private interface of one of
the nodes as in the example below (10.0.0.4 is private to the K8s cluster only).
Then to be able to access the portal on port 8989 from outside the K8s &
-Openstack environment, the user needs to assign/get the floating IP address that
+OpenStack environment, the user needs to assign/get the floating IP address that
corresponds to the private IP as follows::
> kubectl -n onap get services|grep "portal-app"
In this example, use the 10.0.0.4 private address as a key find the
corresponding public address which in this example is 10.12.6.155. If you're
-using OpenStack you'll do the lookup with the horizon GUI or the Openstack CLI
+using OpenStack you'll do the lookup with the horizon GUI or the OpenStack CLI
for your tenant (openstack server list). That IP is then used in your
`/etc/hosts` to map the fixed DNS aliases required by the ONAP Portal as shown
below::
All highly available systems include at least one facility to monitor the
health of components within the system. Such health monitors are often used as
-inputs to distributed coordination systems (such as etcd, zookeeper, or consul)
-and monitoring systems (such as nagios or zabbix). OOM provides two mechanisms
+inputs to distributed coordination systems (such as etcd, Zookeeper, or Consul)
+and monitoring systems (such as Nagios or Zabbix). OOM provides two mechanisms
to monitor the real-time health of an ONAP deployment:
- a Consul GUI for a human operator or downstream monitoring systems and
To upgrade a component to a new version with a new configuration file enter::
- > helm deploy onbap onap/so --version 2.0.2 -f environments/demo.yaml
+ > helm deploy onap onap/so --version 2.0.2 -f environments/demo.yaml
To fetch release history enter::
**Platform Resiliency**
* Documenation of a Highly-Available Kubernetes Cluster Deployment
-* Availability of a Default Storage Class Provisioner for improved Persistent Storage resiliency
+* Availability of a Default Storage Class Provisioner for improved Persistent
+ Storage resiliency
* Availability of a CNI reference integration for Multi-site support
- * applications can take advantage of multi-site by using POD and/or Node (anti)affinity, taints/tolerations, labels per application
+ * applications can take advantage of multi-site by using POD and/or Node
+ (anti)affinity, taints/tolerations, labels per application
**Footprint Optimization**
Summary
-------
-The focus of this release was on maintanence and as such no new features were delivered.
+The focus of this release was on maintanence and as such no new features were
+delivered.
A list of issues resolved in this release can be found here: https://jira.onap.org/projects/OOM/versions/10726
**New Features**
version 2.2.2 in global part of override file if the new check is needed.
- `OOM-2421 <https://jira.onap.org/browse/OOM-2421>`_ Workaround is to
undeploy/redeploy NBI.
-- `OOM-2422 <https://jira.onap.org/browse/OOM-2421>`_ Workaround is to create
+- `OOM-2422 <https://jira.onap.org/browse/OOM-2422>`_ Workaround is to create
first portal app service with service type Cluster IP then changing it to
NodePort or LoadBalancer so all the port are available.
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
--- /dev/null
+################################################################################
+# Copyright (c) 2020 Nordix Foundation. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+apiVersion: v1
+appVersion: "1.0.0"
+description: A Helm chart for A1 Policy Management Service
+name: a1policymanagement
+version: 6.0.0
--- /dev/null
+################################################################################
+# Copyright (c) 2020 Nordix Foundation. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{
+ "config": {
+ "controller": [
+ {
+ "name": "controller1",
+ "baseUrl": "{{ .Values.sdncLink }}",
+ "userName": "${A1CONTROLLER_USER}",
+ "password": "${A1CONTROLLER_PASSWORD}"
+ }
+ ],
+ "ric": [
+ {
+ "name": "ric1",
+ "baseUrl": "{{ .Values.ricLink }}",
+ "controller": "controller1",
+ "managedElementIds": [
+ "kista_1",
+ "kista_2"
+ ]
+ }
+ ],
+ "streams_publishes": {
+ "dmaap_publisher": {
+ "type": "message_router",
+ "dmaap_info": {
+ "topic_url": "{{ .Values.streamPublish }}"
+ }
+ }
+ },
+ "streams_subscribes": {
+ "dmaap_subscriber": {
+ "type": "message_router",
+ "dmaap_info": {
+ "topic_url": "{{ .Values.streamSubscribe }}"
+ }
+ }
+ }
+ }
+}
--- /dev/null
+{{/*
+################################################################################
+# Copyright (c) 2020 Nordix Foundation. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+ name: {{ include "common.fullname" . }}-policy-conf
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+################################################################################
+# Copyright (c) 2020 Nordix Foundation. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+kind: Deployment
+apiVersion: apps/v1
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: {{ index .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata:
+ labels: {{- include "common.labels" . | nindent 8 }}
+ spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-update-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: A1CONTROLLER_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "login") | indent 10 }}
+ - name: A1CONTROLLER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: {{ include "common.fullname" . }}-policy-conf-input
+ - mountPath: /config
+ name: config
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "common.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ livenessProbe:
+ httpGet:
+ path: /status
+ port: {{ .Values.liveness.port }}
+ scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ volumeMounts:
+ - name: config
+ mountPath: /opt/app/policy-agent/data
+ resources: {{ include "common.resources" . | nindent 10 }}
+ volumes:
+ - name: {{ include "common.fullname" . }}-policy-conf-input
+ configMap:
+ name: {{ include "common.fullname" . }}-policy-conf
+ - name: config
+ emptyDir:
+ medium: Memory
--- /dev/null
+{{/*
+################################################################################
+# Copyright (c) 2020 Nordix Foundation. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+################################################################################
+# Copyright (c) 2020 Nordix Foundation. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{ include "common.service" . }}
--- /dev/null
+################################################################################
+# Copyright (c) 2020 Nordix Foundation. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+# Default values for Policy Management Service.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+global:
+ nodePortPrefix: 300
+ envsubstImage: dibi/envsubst
+
+secrets:
+ - uid: controller-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.a1controller.credsExternalSecret) . }}'
+ login: '{{ .Values.a1controller.user }}'
+ password: '{{ .Values.a1controller.password }}'
+ passwordPolicy: required
+
+repository: nexus3.onap.org:10001
+image: onap/ccsdk-oran-a1policymanagementservice:1.0.0
+pullPolicy: IfNotPresent
+replicaCount: 1
+
+service:
+ type: NodePort
+ name: a1policymanagement
+ both_tls_and_plain: true
+ ports:
+ - name: api
+ port: 8433
+ plain_port: 8081
+ port_protocol: http
+ nodePort: '94'
+
+# SDNC Credentials are used here
+a1controller:
+ user: admin
+ password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+
+sdncLink: https://sdnc.onap:8443
+# Add your own A1 Mediator link. Supports both STD & OSC Version. ex. http://<ip>:<port>
+# Alternatively you can also use the A1 simulator available in ORAN. It provides STD & OSC Version for A1 termination.
+# Refer source code & run in docker container : https://gerrit.o-ran-sc.org/r/admin/repos/sim/a1-interface
+# Refer it/dep repo for k8's deployment: https://gerrit.o-ran-sc.org/r/admin/repos/it/dep
+ricLink:
+streamPublish: http://message-router:3904/events/A1-POLICY-AGENT-WRITE
+streamSubscribe: http://message-router:3904/events/A1-POLICY-AGENT-READ/users/policy-agent?timeout=15000&limit=100
+
+liveness:
+ port: api
+ initialDelaySeconds: 60
+ periodSeconds: 10
+readiness:
+ port: api
+ initialDelaySeconds: 60
+ periodSeconds: 10
+
+#Resource Limit flavor -By Default using small
+flavor: small
+
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 2Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 2
+ memory: 4Gi
+ unlimited: {}
global:
nodePortPrefix: 302
# Readiness image
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
# Ubuntu Init image
ubuntuInitRepository: registry.hub.docker.com
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
initContainers:
- name: wait-for-ejbca
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- ejbca-ejbca
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: subsitute-envs
image: "{{ .Values.global.envsubstImage }}"
envsubstImage: dibi/envsubst
nodePortPrefix: 302
# Readiness image
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
# Ubuntu Init image
ubuntuInitRepository: registry.hub.docker.com
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
global:
nodePortPrefix: 302
# Readiness image
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
# Ubuntu Init image
ubuntuInitRepository: registry.hub.docker.com
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
global:
nodePortPrefix: 302
# Readiness image
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
# Ubuntu Init image
ubuntuInitRepository: registry.hub.docker.com
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
global:
nodePortPrefix: 302
# Readiness image
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
# Ubuntu Init image
ubuntuInitRepository: registry.hub.docker.com
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
global:
nodePortPrefix: 302
# Readiness image
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
# Ubuntu Init image
ubuntuInitRepository: registry.hub.docker.com
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
global:
nodePortPrefix: 302
# Readiness image
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
# Ubuntu Init image
ubuntuInitRepository: registry.hub.docker.com
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
global:
nodePortPrefix: 302
# Readiness image
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
# Ubuntu Init image
ubuntuInitRepository: registry.hub.docker.com
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
- mountPath: /sms/auth
name: {{ include "common.fullname" . }}-auth
- name: {{ include "common.name" . }}-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- "aaf-sms-vault"
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
- - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- "aaf-sms"
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-job-complete
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- -j
- "{{ include "common.fullname" . }}-init"
restartPolicy: Never
initContainers:
{{- if .Values.global.tpm.enabled }}
- - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- -j
- "{{ include "common.release" . }}-aaf-sshsm-abrmd-init"
spec:
restartPolicy: Never
initContainers:
- - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-distcenter-ready
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- -j
- "{{ include "common.release" . }}-aaf-sshsm-distcenter"
global:
nodePortPrefix: 302
# Readiness image
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
# Ubuntu Init image
ubuntuInitRepository: registry.hub.docker.com
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
{{- if .Values.sequence_order }}
- name: {{ include "common.name" . }}-aaf-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
{{- range $container := .Values.sequence_order }}
- --container-name
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources:
limits:
global:
nodePortPrefix: 302
# Readiness image
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
# Ubuntu Init image
ubuntuInitRepository: registry.hub.docker.com
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
-Subproject commit f1e329c458c48530da36dd1c6b38b7548116bd65
+Subproject commit 48ae4e9d7a9ef5f9e73f6a3c90fd808f086089f5
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
- name: {{ include "common.name" . }}-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{.Values.config.mariadbGaleraContName}}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-chown
image: "busybox"
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
centralizedLoggingEnabled: false
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
#Actuator properties
management.endpoints.web.exposure.include=*
management.endpoint.health.show-details=always
+
+#K8s Plugin properties
+#Credentials are placeholders as k8s plugin has not authentication atm
+blueprintprocessor.k8s.plugin.username=unused
+blueprintprocessor.k8s.plugin.password=unused
+blueprintprocessor.k8s.plugin.url=http://multicloud-k8s:9015/
</encoder>
</appender>
- <logger name="org.springframework" level="info"/>
- <logger name="org.springframework.web" level="info"/>
- <logger name="org.springframework.security.web.authentication" level="warn"/>
- <logger name="org.hibernate" level="error"/>
- <logger name="org.onap.ccsdk.cds" level="info"/>
+ <logger name="org.springframework" level="{{ .Values.logback.logger.springframework }}"/>
+ <logger name="org.springframework.web" level="{{ .Values.logback.logger.springframeworkWeb }}"/>
+ <logger name="org.springframework.security.web.authentication" level="{{ .Values.logback.logger.springframeworkSecurityWebauthentication }}"/>
+ <logger name="org.hibernate" level="{{ .Values.logback.logger.hibernate }}"/>
+ <logger name="org.onap.ccsdk.cds" level="{{ .Values.logback.logger.onapCcsdkCds }}"/>
- <root level="info">
+ <root level="{{ .Values.logback.rootLogLevel }}">
<appender-ref ref="STDOUT"/>
</root>
name: {{ include "common.name" . }}-update-config
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- cds-db
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
- name: fix-permission
repository: nexus3.onap.org:10001
# readiness check
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
# image pull policy
pullPolicy: Always
config:
ssl: "none"
+logback:
+ rootLogLevel: INFO
+ logger:
+ springframework: INFO
+ springframeworkWeb: INFO
+ springframeworkSecurityWebauthentication: INFO
+ hibernate: INFO
+ onapCcsdkCds: INFO
+
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- cds-blueprints-processor
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
repository: nexus3.onap.org:10001
# readiness check
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
# image pull policy
pullPolicy: Always
- name: AUTH_TYPE
value: {{ .Values.config.authType }}
- name: API_USERNAME
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "api-credentials" "key" "login") | nindent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-credentials" "key" "login") | nindent 12 }}
- name: API_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "api-credentials" "key" "password") | nindent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-credentials" "key" "password") | nindent 12 }}
- name: LOG_FILE
value: {{ .Values.config.logFile }}
- name: ARTIFACT_MANAGER_PORT
repository: nexus3.onap.org:10001
# readiness check
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
# image pull policy
pullPolicy: Always
</encoder>
</appender>
- <logger name="org.springframework" level="info"/>
- <logger name="org.springframework.web" level="info"/>
- <logger name="org.springframework.security.web.authentication" level="warn"/>
- <logger name="org.hibernate" level="error"/>
- <logger name="org.onap.ccsdk.cds" level="info"/>
+ <logger name="org.springframework" level="{{ .Values.logback.logger.springframework }}"/>
+ <logger name="org.springframework.web" level="{{ .Values.logback.logger.springframeworkWeb }}"/>
+ <logger name="org.springframework.security.web.authentication" level="{{ .Values.logback.logger.springframeworkSecurityWebauthentication }}"/>
+ <logger name="org.hibernate" level="{{ .Values.logback.logger.hibernate }}"/>
+ <logger name="org.onap.ccsdk.cds" level="{{ .Values.logback.logger.onapCcsdkCds }}"/>
- <root level="warn">
+ <root level="{{ .Values.logback.rootLogLevel }}">
<appender-ref ref="STDOUT"/>
</root>
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- sdc-be
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
repository: nexus3.onap.org:10001
# readiness check
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
# image pull policy
pullPolicy: Always
ingress:
enabled: false
+logback:
+ rootLogLevel: INFO
+ logger:
+ springframework: INFO
+ springframeworkWeb: INFO
+ springframeworkSecurityWebauthentication: INFO
+ hibernate: INFO
+ onapCcsdkCds: INFO
+
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
#################################################################
global:
nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:1.1.0
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
nodePortPrefix: 302
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
persistence:
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- mariadb
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
global: # global defaults
nodePortPrefix: 302
repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
persistence: {}
secrets:
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- clamp-dash-es
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
global:
nodePortPrefix: 302
repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
persistence: {}
flavor: small
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- clamp-dash-es
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
global:
nodePortPrefix: 302
repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
persistence: {}
flavor: small
esac
done
+prepare_password()
+{
+ echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
+}
+
# usage: file_env VAR [DEFAULT]
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
- val=`echo -n $val | sed -e "s/'/''/g"`
+ val=`prepare_password $val`
export "$var"="$val"
unset "$fileVar"
}
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- clamp-backend
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
#################################################################
global: # global defaults
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
centralizedLoggingEnabled: false
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
#################################################################
# Application configuration defaults.
#################################################################
EXCLUDES :=
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER != helm version --template "{{.Version}}"
+
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
all: $(COMMON_CHARTS_DIR) $(HELM_CHARTS)
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
@if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
@helm repo index $(PACKAGE_DIR)
clean:
-#!/usr/bin/python
+#!/usr/bin/env python
import getopt
import logging
import os
from kubernetes import config
from kubernetes.client import Configuration
-from kubernetes.client.apis import core_v1_api
+from kubernetes.client.api import core_v1_api
from kubernetes.client.rest import ApiException
from kubernetes.stream import stream
-#!/bin/bash
+#!/bin/sh
# Initialize variables
ss_dir=""
restartPolicy: Never
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ include "common.name" . }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
- name: "cassandra-backup-init"
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- /bin/bash
curr_time=$1
echo "Clearing snapshots!!!"
command="nodetool clearsnapshot -t $curr_time"
- /root/exec.py -p "cassandra" -c "$command"
+ /app/exec.py -p "cassandra" -c "$command"
}
{{ $root := . }}
curr_time=`date +%s`
echo "Executing cleanup!!"
command="nodetool cleanup"
- /root/exec.py -p "cassandra" -c "$command"
+ /app/exec.py -p "cassandra" -c "$command"
echo "Cleaned Node!! Backing up database now!!!"
command="nodetool snapshot -t $curr_time"
- /root/exec.py -p "cassandra" -c "$command"
+ /app/exec.py -p "cassandra" -c "$command"
retCode=$?
if [ $retCode -ne 0 ]; then
echo "Backup Failed!!!"
d=$(echo $d | sed 's:/*$::')
keyspace_name=$(echo "$d" | awk -F/ '{ print $NF }')
if [ 1 ] {{- range $t, $keyspace := $root.Values.backup.keyspacesToSkip }} && [ "{{ $keyspace.name }}" != "$keyspace_name" ] {{- end }}; then
- /root/restore.sh -b $backup_dir/cassandra-{{ $i }}/data -s /onap-data/cassandra-{{ $i }}/data/$keyspace_name -k $keyspace_name -t $curr_time &
+ /app/restore.sh -b $backup_dir/cassandra-{{ $i }}/data -s /onap-data/cassandra-{{ $i }}/data/$keyspace_name -k $keyspace_name -t $curr_time &
pids="$pids $!"
fi
done
- mountPath: /backup
name: backup-dir
- name: scripts
- mountPath: /root/restore.sh
+ mountPath: /app/restore.sh
subPath: restore.sh
- name: scripts
- mountPath: /root/exec.py
+ mountPath: /app/exec.py
subPath: exec.py
containers:
- name: cassandra-backup-validate
+{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.replicaPV" . }}
+{{/*
# Copyright © 2018 Amdocs, AT&T, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.headlessService" . }}
+{{/*
# Copyright © 2018 Amdocs, AT&T, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: StatefulSet
backup:
mountPath: /dockerdata-nfs/backup
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
# application image
repository: nexus3.onap.org:10001
--- /dev/null
+#!/bin/bash
+
+# Copyright © 2020 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+CERTS_DIR=${CERTS_DIR:-/certs}
+WORK_DIR=${WORK_DIR:-/updatedTruststore}
+ONAP_TRUSTSTORE=${ONAP_TRUSTSTORE:-truststoreONAPall.jks}
+JRE_TRUSTSTORE=${JRE_TRUSTSTORE:-$JAVA_HOME/lib/security/cacerts}
+TRUSTSTORE_OUTPUT_FILENAME=${TRUSTSTORE_OUTPUT_FILENAME:-truststore.jks}
+
+mkdir -p $WORK_DIR
+
+# Decrypt and move relevant files to WORK_DIR
+for f in $CERTS_DIR/*; do
+ if [[ $AAF_ENABLED == false ]] && [[ $f == *$ONAP_TRUSTSTORE* ]]; then
+ # Dont use onap truststore when aaf is disabled
+ continue
+ fi
+ if [[ $f == *.sh ]]; then
+ continue
+ fi
+ if [[ $f == *.b64 ]]
+ then
+ base64 -d $f > $WORK_DIR/`basename $f .b64`
+ else
+ cp $f $WORK_DIR/.
+ fi
+done
+
+# Prepare truststore output file
+if [[ $AAF_ENABLED == true ]]
+ then
+ mv $WORK_DIR/$ONAP_TRUSTSTORE $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME
+ else
+ echo "AAF is disabled, using JRE truststore"
+ cp $JRE_TRUSTSTORE $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME
+fi
+
+# Import Custom Certificates
+for f in $WORK_DIR/*; do
+ if [[ $f == *.pem ]]; then
+ echo "importing certificate: $f"
+ keytool -import -file $f -alias `basename $f` -keystore $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME -storepass $TRUSTSTORE_PASSWORD -noprompt
+ if [[ $? != 0 ]]; then
+ echo "failed importing certificate: $f"
+ exit 1
+ fi
+ fi
+done
{{/*
-# Copyright © 2020 Samsung Electronics
+# Copyright © 2020 Bell Canada, Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
value: "{{ $initRoot.public_fqdn | default "" }}"
{{- end -}}
+{{/*
+ This init container will import custom .pem certificates to truststoreONAPall.jks
+ Custom certificates must be placed in common/certInitializer/resources directory.
+
+ The feature is enabled by setting Values.global.importCustomCertsEnabled = true
+ It can be used independently of aafEnabled, however it requires the same includes
+ as describe above for _initContainer.
+
+ When AAF is enabled the truststoreONAPAll.jks (which contains AAF CA) will be used
+ to import custom certificates, otherwise the default java keystore will be used.
+
+ The updated truststore file will be placed in /updatedTruststore and can be mounted per component
+ to a specific path by defining Values.certInitializer.truststoreMountpath (see _trustStoreVolumeMount)
+ The truststore file will be available to mount even if no custom certificates were imported.
+*/}}
+{{- define "common.certInitializer._initImportCustomCertsContainer" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
+{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
+- name: {{ include "common.name" $dot }}-import-custom-certs
+ image: {{ $subchartDot.Values.global.jreImage }}
+ imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }}
+ securityContext:
+ runAsUser: 0
+ command:
+ - /bin/bash
+ - -c
+ - /root/import-custom-certs.sh
+ env:
+ - name: AAF_ENABLED
+ value: "{{ $subchartDot.Values.global.aafEnabled }}"
+ - name: TRUSTSTORE_OUTPUT_FILENAME
+ value: "{{ $initRoot.truststoreOutputFileName }}"
+ - name: TRUSTSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" $subchartDot "uid" "truststore-creds" "key" "password") | indent 6 }}
+ volumeMounts:
+ - mountPath: /certs
+ name: aaf-agent-certs
+ - mountPath: /root/import-custom-certs.sh
+ name: aaf-agent-certs
+ subPath: import-custom-certs.sh
+ - mountPath: /updatedTruststore
+ name: updated-truststore
+{{- end -}}
+
{{- define "common.certInitializer._volumeMount" -}}
{{- $dot := default . .dot -}}
{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
-- mountPath: {{ $initRoot.mountPath }}
+- mountPath: {{ $initRoot.appMountPath }}
name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }}
{{- end -}}
+{{/*
+ This is used together with _initImportCustomCertsContainer
+ It mounts the updated truststore (with imported custom certificates) to the
+ truststoreMountpath defined in the values file for the component.
+*/}}
+{{- define "common.certInitializer._trustStoreVolumeMount" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
+{{- if gt (len $initRoot.truststoreMountpath) 0 }}
+- mountPath: {{ $initRoot.truststoreMountpath }}/{{ $initRoot.truststoreOutputFileName }}
+ name: updated-truststore
+ subPath: {{ $initRoot.truststoreOutputFileName }}
+{{- end -}}
+{{- end -}}
+
{{- define "common.certInitializer._volumes" -}}
{{- $dot := default . .dot -}}
{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
name: {{ include "common.fullname" $subchartDot }}-add-config
defaultMode: 0700
{{- end -}}
+{{- if $dot.Values.global.importCustomCertsEnabled }}
+- name: updated-truststore
+ emptyDir: {}
+{{- end -}}
{{- end -}}
{{- define "common.certInitializer.initContainer" -}}
{{- $dot := default . .dot -}}
+ {{- if $dot.Values.global.importCustomCertsEnabled }}
+ {{ include "common.certInitializer._initImportCustomCertsContainer" . }}
+ {{- end -}}
{{- if $dot.Values.global.aafEnabled }}
{{ include "common.certInitializer._initContainer" . }}
{{- end -}}
{{- if $dot.Values.global.aafEnabled }}
{{- include "common.certInitializer._volumeMount" . }}
{{- end -}}
+ {{- if $dot.Values.global.importCustomCertsEnabled }}
+ {{- include "common.certInitializer._trustStoreVolumeMount" . }}
+ {{- end -}}
{{- end -}}
{{- define "common.certInitializer.volumes" -}}
{{- $dot := default . .dot -}}
- {{- if $dot.Values.global.aafEnabled }}
+ {{- if or ($dot.Values.global.aafEnabled ) ($dot.Values.global.importCustomCertsEnabled) }}
{{- include "common.certInitializer._volumes" . }}
{{- end -}}
{{- end -}}
-# Copyright © 2020 Samsung Electronics
+# Copyright © 2020 Bell Canada, Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
repository: nexus3.onap.org:10001
aafAgentImage: onap/aaf/aaf_agent:2.1.20
aafEnabled: true
+ jreImage: registry.gitlab.com/onap-integration/docker/onap-java
pullPolicy: Always
login: '{{ .Values.aafDeployFqi }}'
password: '{{ .Values.aafDeployPass }}'
passwordPolicy: required
+ - uid: truststore-creds
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.truststoreCredsExternalSecret) . }}'
+ password: '{{ .Values.truststorePassword }}'
+ passwordPolicy: required
readinessCheck:
wait_for:
cadi_longitude: "-72.0"
aaf_add_config: ""
mountPath: "/opt/app/osaaf"
+appMountPath: "/opt/app/osaaf"
+importCustomCertsEnabled: false
+truststoreMountpath: ""
+truststoreOutputFileName: truststore.jks
+truststorePassword: changeit
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Copyright © 2020 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
apiVersion: v1
-description: ONAP Policy BRMS GW
-name: brmsgw
+description: Template used to store cmpv2 configuration in onap
+name: cmpv2Config
version: 6.0.0
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2020 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
dependencies:
- name: common
version: ~6.x-0
- repository: '@local'
\ No newline at end of file
+ repository: 'file://../common'
--- /dev/null
+# Copyright © 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+global:
+ aaf:
+ certServiceClient:
+ image: onap/org.onap.aaf.certservice.aaf-certservice-client:1.2.0
+ envVariables:
+ # Certificate related
+ cmpv2Organization: "Linux-Foundation"
+ cmpv2OrganizationalUnit: "ONAP"
+ cmpv2Location: "San-Francisco"
+ cmpv2State: "California"
+ cmpv2Country: "US"
+ # Client configuration related
+ requestURL: "https://aaf-cert-service:8443/v1/certificate/"
+ requestTimeout: "30000"
+ keystorePassword: "secret"
+ truststorePassword: "secret"
{{- $aafRoot := default $dot.Values.aafConfig .aafRoot -}}
{{- if $dot.Values.global.aafEnabled -}}
- name: {{ include "common.name" $dot }}-aaf-readiness
- image: "{{ $dot.Values.global.readinessRepository }}/{{ $dot.Values.global.readinessImage }}"
+ image: "{{ include "common.repository" $dot }}/{{ $dot.Values.global.readinessImage }}"
imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- aaf-locate
- name: aaf_locator_app_ns
value: "{{ $aafRoot.app_ns }}"
- name: DEPLOY_FQI
- {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" $aafRoot.secret_uid "key" "login") | indent 6 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" $aafRoot.secret_uid "key" "login") | indent 6 }}
- name: DEPLOY_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" $aafRoot.secret_uid "key" "password") | indent 6 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" $aafRoot.secret_uid "key" "password") | indent 6 }}
#Note: want to put this on Nodes, eventually
- name: cadi_longitude
value: "{{ default "52.3" $aafRoot.cadi_longitude }}"
{{ else if eq "testRelease" (include "common.release" .) }}
{{/* Special case for chart liniting. DON"T NAME YOUR PRODUCTION RELEASE testRelease */}}
{{- printf "testRelease" -}}
+ {{ else if eq "test-release" .Release.Name }}
+ {{/* Special case for chart linting in helm3. DON"T NAME YOUR PRODUCTION RELEASE test-release */}}
+ {{- printf "testRelease" -}}
{{ else }}
{{ fail "masterPassword not provided" }}
{{ end }}
{{- end -}}
+{{- define "common._defaultPasswordStrength" -}}
+ {{ if .Values.passwordStrengthOverride }}
+ {{- printf "%s" .Values.passwordStrengthOverride -}}
+ {{ else if .Values.global.passwordStrength }}
+ {{- printf "%s" .Values.global.passwordStrength -}}
+ {{ else if .Values.passwordStrength }}
+ {{- printf "%s" .Values.passwordStrength -}}
+ {{ else }}
+ {{- printf "long" }}
+ {{ end }}
+{{- end -}}
+
{{/*
Generate a new password based on masterPassword. The new password is not
random, it is derived from masterPassword, fully qualified chart name and
{{- define "common.createPassword" -}}
{{- $dot := default . .dot -}}
{{- $uid := default "onap" .uid -}}
- {{- $strength := default "long" .strength -}}
+ {{- $defaultStrength := include "common._defaultPasswordStrength" $dot | trim -}}
+ {{- $strength := default $defaultStrength .strength -}}
{{- $mp := include "common.masterPassword" $dot -}}
{{- derivePassword 1 $strength $mp (include "common.fullname" $dot) $uid -}}
{{- end -}}
{{- $uid := (default "" .uid) }}
{{- $name := (default "" .name) }}
{{- $fullname := ne (default "" .chartName) "" | ternary (include "common.fullnameExplicit" (dict "dot" $global "chartName" .chartName)) (include "common.fullname" $global) }}
+ {{- if eq "test-release" $global.Release.Name -}}
+ {{/* Special case for chart liniting in helm3. DON"T NAME YOUR PRODUCTION RELEASE test-release */}}
+ {{- $uid = lower $uid -}}
+ {{- end -}}
{{- default (printf "%s-%s" $fullname $uid) $name }}
{{- end -}}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ .Values.config.dbPodName }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
+{{/*
# Copyright © 2020 Samsung, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
+*/}}
{{ include "common.ingress" . }}
repository: nexus3.onap.org:10001
# readiness check
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
# logging agent
loggingRepository: docker.elastic.co
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if .Values.enabled }}
{{- range $kind, $enabled := .Values.hooks }}
{{- if $enabled }}
{{- end }}
containers:
- name: {{ template "common.fullname" . }}-curator
- image: {{printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ image: {{printf "%s/%s" (include "common.repository" .) .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- name: config-volume
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if .Values.enabled }}
apiVersion: v1
kind: ConfigMap
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if .Values.enabled }}
{{ $role := "curator" -}}
{{ $suffix := $role -}}
{{- end }}
containers:
- name: {{ template "common.fullname" . }}-curator
- image: {{printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ image: {{printf "%s/%s" (include "common.repository" .) .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- name: config-volume
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if and .Values.enabled .Values.psp.create }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if and .Values.enabled .Values.rbac.enabled }}
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if and .Values.enabled .Values.rbac.enabled }}
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if and .Values.enabled .Values.serviceAccount.create .Values.rbac.enabled }}
apiVersion: v1
kind: ServiceAccount
##
enabled: false
name: curator
-image:
- imageName: bitnami/elasticsearch-curator
- tag: 5.8.1-debian-9-r74
- pullPolicy: IfNotPresent
- ## Optionally specify an array of imagePullSecrets.
- ## Secrets must be manually created in the namespace.
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
- ##
- # pullSecrets:
- # - myRegistryKeySecretName
+image: bitnami/elasticsearch-curator:5.8.1-debian-9-r74
+pullPolicy: IfNotPresent
+## Optionally specify an array of imagePullSecrets.
+## Secrets must be manually created in the namespace.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+##
+# pullSecrets:
+# - myRegistryKeySecretName
service:
port: 9200
cronjob:
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.replicaPV" (dict "dot" . "suffix" .Values.persistence.suffix )}}
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: StatefulSet
{{ $role := "data" -}}
{{- end }}
{{- end }}
containers:
- - name: {{ include "common.name" . }}-elasticsearch
- image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ - name: {{ include "common.name" . }}-data
+ image: {{ printf "%s/%s" (include "common.repository" .) .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
{{- if .Values.securityContext.enabled }}
securityContext:
{{- end }}
env:
- name: BITNAMI_DEBUG
- value: {{ ternary "true" "false" .Values.image.debug | quote }}
+ value: {{ ternary "true" "false" .Values.debug | quote }}
- name: ELASTICSEARCH_CLUSTER_NAME
value: {{include "elasticsearch.clustername" .}}
- name: ELASTICSEARCH_CLUSTER_HOSTS
- name: http-transport
port: 9300
-image:
- imageName: bitnami/elasticsearch
- tag: 6.8.6-debian-9-r23
- ## Specify a imagePullPolicy
- ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
- ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
- ##
- pullPolicy: IfNotPresent
- ## Optionally specify an array of imagePullSecrets.
- ## Secrets must be manually created in the namespace.
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
- ##
- # pullSecrets:
- # - myRegistryKeySecretName
- ## Set to true if you would like to see extra information on logs
- ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
- ##
- debug: false
+image: bitnami/elasticsearch:6.8.6-debian-9-r23
+## Specify a imagePullPolicy
+## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+##
+pullPolicy: IfNotPresent
+## Optionally specify an array of imagePullSecrets.
+## Secrets must be manually created in the namespace.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+##
+# pullSecrets:
+# - myRegistryKeySecretName
+## Set to true if you would like to see extra information on logs
+## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
+##
+debug: false
## updateStrategy for ElasticSearch Data statefulset
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.replicaPV" (dict "dot" . "suffix" .Values.persistence.suffix )}}
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if .Values.serviceAccount.create }}
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: StatefulSet
{{- end }}
{{- end }}
containers:
- - name: {{ include "common.name" . }}-elasticsearch
- image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ - name: {{ include "common.name" . }}-master
+ image: {{ printf "%s/%s" (include "common.repository" .) .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
{{- if .Values.securityContext.enabled }}
securityContext:
{{- end }}
env:
- name: BITNAMI_DEBUG
- value: {{ ternary "true" "false" .Values.image.debug | quote }}
+ value: {{ ternary "true" "false" .Values.debug | quote }}
- name: ELASTICSEARCH_CLUSTER_NAME
value: {{ include "elasticsearch.clustername" . }}
- name: ELASTICSEARCH_CLUSTER_HOSTS
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ $role := "master" -}}
{{ $labels := (dict "role" $role) -}}
{{ $matchLabels := (dict "role" $role) }}
-{{ include "common.service" (dict "labels" $labels "matchLabels" $matchLabels "dot" . ) }}
\ No newline at end of file
+{{ include "common.service" (dict "labels" $labels "matchLabels" $matchLabels "dot" . ) }}
## master acts as master only node, choose 'no' if no further data nodes are deployed)
dedicatednode: "yes"
## dedicatednode: "no"
-image:
- imageName: bitnami/elasticsearch
- tag: 6.8.6-debian-9-r23
- ## Specify a imagePullPolicy
- ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
- ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
- ##
- pullPolicy: IfNotPresent
- ## Optionally specify an array of imagePullSecrets.
- ## Secrets must be manually created in the namespace.
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
- ##
- # pullSecrets:
- # - myRegistryKeySecretName
- ## Set to true if you would like to see extra information on logs
- ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
- ##
- debug: false
+image: bitnami/elasticsearch:6.8.6-debian-9-r23
+## Specify a imagePullPolicy
+## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+##
+pullPolicy: IfNotPresent
+## Optionally specify an array of imagePullSecrets.
+## Secrets must be manually created in the namespace.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+##
+# pullSecrets:
+# - myRegistryKeySecretName
+## Set to true if you would like to see extra information on logs
+## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
+##
+debug: false
## String to partially override common.fullname template (will maintain the release name)
##
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if .Values.config }}
apiVersion: v1
kind: ConfigMap
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
{{ $role := "coordinating-only" -}}
{{- include "common.certInitializer.volumeMount" . | nindent 10 }}
- name: {{ include "common.name" . }}-elasticsearch
- image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ image: {{ printf "%s/%s" (include "common.repository" .) .Values.image }}
{{- if .Values.securityContext.enabled }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
securityContext:
{{- end }}
env:
- name: BITNAMI_DEBUG
- value: {{ ternary "true" "false" .Values.image.debug | quote }}
+ value: {{ ternary "true" "false" .Values.debug | quote }}
- name: ELASTICSEARCH_CLUSTER_NAME
value: {{ include "elasticsearch.clustername" .}}
- name: ELASTICSEARCH_CLUSTER_HOSTS
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ $role := "coordinating-only" -}}
{{ $labels := (dict "role" $role) -}}
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- $matchLabels := (dict "discovery" (include "elasticsearch.clustername" .) "nameNoMatch" "useDiscoveryService") }}
{{ include "common.headlessService" (dict "matchLabels" $matchLabels "dot" .) }}
+{{/*
# Copyright © 2018 Amdocs, Bell Canada
# Copyright © 2019 Samsung Electronics
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
global:
aafEnabled: true
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
busyboxRepository: registry.hub.docker.com
enabled: true
# application image
-image:
- imageName: bitnami/elasticsearch
- tag: 6.8.6-debian-9-r23
- ## Specify a imagePullPolicy
- ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
- ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
- ##
- pullPolicy: IfNotPresent
- ## Optionally specify an array of imagePullSecrets.
- ## Secrets must be manually created in the namespace.
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
- ##
- # pullSecrets:
- # - myRegistryKeySecretName
- ## Set to true if you would like to see extra information on logs
- ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
- ##
- debug: false
+image: bitnami/elasticsearch:6.8.6-debian-9-r23
+## Specify a imagePullPolicy
+## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+##
+pullPolicy: IfNotPresent
+## Optionally specify an array of imagePullSecrets.
+## Secrets must be manually created in the namespace.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+##
+# pullSecrets:
+# - myRegistryKeySecretName
+## Set to true if you would like to see extra information on logs
+## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
+##
+debug: false
## String to partially override common.fullname template (will maintain the release name)
##
+{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- $global := . }}
{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }}
+{{/*
# Copyright 2019 Intel Corporation Inc
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
+{{/*
# Copyright © 2019 Intel Corporation Inc
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: StatefulSet
metadata:
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
apiVersion: v1
-description: ONAP Policy PDP
-name: pdp
+description: Template used to create same STDOUT log configuration
+name: logConfiguration
version: 6.0.0
--- /dev/null
+# Copyright © 2018 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: 'file://../common'
--- /dev/null
+{{/*
+# Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{/*
+ Resolve the level of the logs.
+ The value for .Values.logLevel is used by default,
+ unless either override mechanism is used.
+
+ - .Values.global.logLevel : override default log level for all components
+ - .Values.logLevelOverride : override global and default log level on a per
+ component basis
+
+ The function can takes below arguments (inside a dictionary):
+ - .dot : environment (.)
+ - .initRoot : the root dictionary of logConfiguration submodule
+ (default to .Values.logConfiguration)
+*/}}
+{{- define "common.log.level" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.logConfiguration .initRoot -}}
+{{/* Our version of helm doesn't support deepCopy so we need this nasty trick */}}
+{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
+ {{- if $subchartDot.Values.logLevelOverride }}
+ {{- printf "%s" $subchartDot.Values.logLevelOverride -}}
+ {{- else }}
+ {{- default $subchartDot.Values.logLevel $subchartDot.Values.global.logLevel -}}
+ {{- end }}
+{{- end -}}
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+logLevel: INFO
mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql
fi
-function prepare_password {
- echo -n $1 | sed -e "s/'/''/g"
+prepare_password()
+{
+ echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
}
mysql_root_password=`prepare_password $MYSQL_ROOT_PASSWORD`
restartPolicy: Never
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ include "common.name" . }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
- name: mariadb-galera-backup-init
volumeMounts:
- name: backup-dir
mountPath: /backup
+ - name: db-data
+ mountPath: /var/lib/mysql
containers:
- name: mariadb-backup-validate
image: "{{ include "common.repository" . }}/{{ .Values.backupImage }}"
- name: backup-dir
persistentVolumeClaim:
claimName: {{ include "common.fullname" . }}-backup-data
+ - name: db-data
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}-data-{{ include "common.fullname" . }}-{{ sub .Values.replicaCount 1 }}
{{- end }}
fsGroup: 1001
runAsUser: 0
initContainers:
- - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
name: mariadb-galera-upgrade-readiness
env:
- name: NAMESPACE
apiVersion: v1
fieldPath: metadata.namespace
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- mariadb-galera
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
busyboxImage: busybox:1.30
busyboxRepository: docker.io
# kubeclt image
{{/*
# Copyright © 2019 Orange
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
{{- define "mariadbInit.mariadbClusterSecret" -}}
{{- include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (default "mariadb-galera" .Values.global.mariadbGalera.nameOverride)) -}}
{{- end -}}
+
+{{- define "mariadbInit._updateSecrets" -}}
+ {{- if not .Values.secretsUpdated }}
+ {{- $global := . }}
+ {{- range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }}
+ {{- $item := dict "uid" $db "type" "basicAuth" "externalSecret" (default "" $dbInfos.externalSecret) "login" (default "" $dbInfos.user) "password" (default "" $dbInfos.password) "passwordPolicy" "required" }}
+ {{- $newList := append $global.Values.secrets $item }}
+ {{- $_ := set $global.Values "secrets" $newList }}
+ {{- end -}}
+ {{ $_ := set $global.Values "secretsUpdated" true }}
+ {{- end -}}
+{{- end -}}
+{{/*
# Copyright © 2019 Orange
# Modifications Copyright © 2018 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
+{{/*
# Copyright © 2019 Orange
# Copyright © 2020 Samsung Electronics
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
+
+{{ include "mariadbInit._updateSecrets" . -}}
apiVersion: batch/v1
kind: Job
initContainers:
- name: {{ include "common.name" . }}-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- - {{ .Values.global.mariadbGalera.nameOverride }}
+ - {{ default .Values.global.mariadbGalera.nameOverride .Values.mariadbGalera.containerName }}
env:
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
containers:
- name: {{ include "common.name" . }}
- /db_init/db_init.sh
env:
- name: DB_HOST
- value: "{{ .Values.global.mariadbGalera.nameOverride }}"
+ value: "{{ default .Values.global.mariadbGalera.nameOverride .Values.mariadbGalera.serviceName }}"
- name: DB_PORT
- value: "{{ .Values.global.mariadbGalera.servicePort }}"
+ value: "{{ default .Values.global.mariadbGalera.servicePort .Values.mariadbGalera.servicePort }}"
- name: MYSQL_ROOT_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "root-password" "key" (default "password" .Values.global.mariadbGalera.userRootSecretKey)) | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "root-password" "key" (default "password" .Values.global.mariadbGalera.userRootSecretKey)) | indent 10 }}
- name: {{ printf "MYSQL_USER_%s" .Values.config.mysqlDatabase | upper }}
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "login") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "login") | indent 10 }}
- name: {{ printf "MYSQL_PASSWORD_%s" .Values.config.mysqlDatabase | upper }}
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "password") | indent 10 }}
{{- $root := . }}
{{ range $db, $_values := .Values.config.mysqlAdditionalDatabases }}
- name: {{ printf "MYSQL_USER_%s" $db | upper }}
- {{- include "common.secret.envFromSecret" (dict "global" $root "uid" $db "key" "login") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $root "uid" $db "key" "login") | indent 10 }}
- name: {{ printf "MYSQL_PASSWORD_%s" $db | upper }}
- {{- include "common.secret.envFromSecret" (dict "global" $root "uid" $db "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $root "uid" $db "key" "password") | indent 10 }}
{{ end }}
volumeMounts:
- mountPath: /etc/localtime
+{{/*
# Copyright © 2017 Amdocs, Bell Canada, Orange
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
-{{- define "mariadb-init._update-secrets" -}}
- {{ range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }}
-{{ printf "- uid: %s" $db }}
-{{ printf " type: basicAuth" }}
- {{- if $dbInfos.externalSecret }}
-{{ printf " externalSecret: %s" $dbInfos.externalSecret }}
- {{- end }}
-{{ printf " login: %s" $dbInfos.user }}
-{{ printf " password: %s" $dbInfos.password }}
-{{ printf " passwordPolicy: required" }}
- {{- end -}}
-{{- end -}}
+{{ include "mariadbInit._updateSecrets" . -}}
-{{ $global := . }}
-{{ $secretsString := .Values.secrets | toYaml | indent 2 }}
-{{ $additionalSecretsString := (include "mariadb-init._update-secrets" .) | indent 2 }}
-{{ $finalSecretsString := (cat "\nsecrets:\n" $secretsString $additionalSecretsString) | replace " -" " -" }}
-{{ $finalSecrets := ($finalSecretsString | fromYaml).secrets }}
-
-{{ $newValues := set $global.Values "secrets" $finalSecrets }}
-{{ $tmpGlobal := set $global "Values" $newValues }}
-
-{{ include "common.secret" $tmpGlobal }}
+{{ include "common.secretFast" . }}
content: mariadb-galera
- equal:
path: spec.template.spec.initContainers[0].image
- value: oomk8s/readiness-check:2.0.2
+ value: nexus3.onap.org:10001/onap/oom/readiness:3.0.1
- equal:
path: spec.template.spec.initContainers[0].imagePullPolicy
value: IfNotPresent
#################################################################
global:
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
mariadbGalera:
nameOverride: mariadb-galera
servicePort: 3306
secrets:
- uid: root-password
type: password
- externalSecret: '{{ tpl (default (include "mariadbInit.mariadbClusterSecret" .) .Values.global.mariadbGalera.userRootSecret) . }}'
- password: '{{ tpl (default "" .global.mariadbGalera.userRootPassword) . }}'
+ externalSecret: '{{ tpl (ternary (default "" .Values.mariadbGalera.userRootSecret) (default (include "mariadbInit.mariadbClusterSecret" .) .Values.global.mariadbGalera.userRootSecret) (not (empty (default "" .Values.mariadbGalera.serviceName)))) . }}'
+ password: '{{ tpl (ternary (default "" .Values.mariadbGalera.userRootPassword) (default "" .Values.global.mariadbGalera.userRootPassword) (not (empty (default "" .Values.mariadbGalera.serviceName)))) . }}'
- uid: '{{ .Values.config.mysqlDatabase }}'
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.config.userCredentialsExternalSecret) . }}'
# Set it if you want to change the name of the different components
# nameOverride:
+mariadbGalera: {}
+# serviceName: some-name
+# containerName: some-name
+# servicePort: 3306
+# userRootPassword: some-password
+# userRootSecret: some-secret-name
+# userRootSecretKey: password
+
+
config:
userPassword: Ci@shsOd3pky1Vji
userName: u5WZ1GMSIS1wHZF
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
+{{ include "common.podSecurityContext" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ .Values.dockerHubRepository }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - docker-entrypoint.sh
+ args:
+ - --nounixsocket
env:
- name: MONGO_INITDB_DATABASE
value: "{{ .Values.config.dbName }}"
mountPath: /var/lib/mongo
resources:
{{ include "common.resources" . | indent 12 }}
+{{ include "common.containerSecurityContext" . | indent 10 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
global:
nodePortPrefix: 302
persistence: {}
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
#################################################################
rpcbindPort: 111
rpcbindUdpPort: 111
+securityContext:
+ user_id: 999
+ group_id: 999
+
ingress:
enabled: false
restartPolicy: Never
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --timeout
- "{{ .Values.global.readinessTimeout }}"
repository: nexus3.onap.org:10001
# readiness check
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- # Set default to 4 hrs.
+ readinessImage: onap/oom/readiness:3.0.1
+ # Set default to 4 hrs.
# On slow environments dealys this long have been seen.
readinessTimeout: 240
# logging agent
job:
host: music-cassandra
port: 9042
- busybox:
+ busybox:
image: library/busybox:latest
- cassandra:
+ cassandra:
image: onap/music/cassandra_job:3.0.24
timeout: 30
delay: 120
replicationClass: "SimpleStrategy"
replicationFactor: 3
adminUser:
- username: nelson24
- password: nelson24
+ username: nelson24
+ password: nelson24
passwordReplace: A2C4E6G8I0J2L4O6Q8S0U2W4Y6
-
+
podManagementPolicy: OrderedReady
updateStrategy:
type: OnDelete
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
- podAntiAffinity:
- preferredDuringSchedulingIgnoredDuringExecution:
- - weight: 1
- podAffinityTerm:
- labelSelector:
- matchExpressions:
- - key: app
- operator: In
- values:
- - {{ .Chart.Name }}
- topologyKey: kubernetes.io/hostname
serviceName: {{ include "common.servicename" . }}
replicas: {{ .Values.replicaCount }}
selector:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
repository: nexus3.onap.org:10001
# readiness check
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
# logging agent
loggingRepository: docker.elastic.co
+{{/*
# Copyright © 2017-2020 AT&T, Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
+{{/*
# Copyright © 2017-2020 AT&T, Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
spec:
initContainers:
- name: {{ include "common.name" . }}-cassandra-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- -j
- "{{ include "common.release" . }}-music-cassandra-job-config"
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
resources:
-{{ toYaml .Values.resources | indent 12 }}
+{{ include "common.resources" . | indent 12 }}
env:
- name: SPRING_OPTS
value: "{{ .Values.springOpts }}"
+{{/*
# Copyright © 2020 AT&T, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2017-2020 AT&T, Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.service" . }}
envsubstImage: dibi/envsubst
# readiness check
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
# logging agent
loggingRepository: docker.elastic.co
nodePortPrefix: 302
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
release: {{ include "common.release" . }}
spec:
initContainers:
-{{- if .Values.global.mariadbGalera.localCluster }}
- - command:
- - /root/ready.py
+ - name: {{ include "common.name" . }}-readiness
+ command:
+ - /app/ready.py
args:
+{{- if .Values.global.mariadbGalera.localCluster }}
- --container-name
- {{ index .Values "mariadb-galera" "nameOverride" }}
{{- else }}
- - command:
- - /root/job_complete.py
- args:
- --job-name
- {{ include "common.release" . }}-{{ index .Values "mariadb-init" "nameOverride" }}-config-job
{{- end }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
containers:
- name: {{ include "common.name" . }}
command:
# readiness check
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
# image pull policy
pullPolicy: IfNotPresent
heritage: {{ $dot.Release.Service }}
name: "{{ index $dot.Values "container" "name" $pgMode }}"
spec:
- serviceName: {{ $dot.Values.service.name }}
replicas: 1
selector:
matchLabels:
+{{/*
# Copyright © 2019 Amdocs, Bell Canada, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
global:
nodePortPrefix: 302
persistence: {}
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
# envsusbt
envsubstImage: dibi/envsubst
{{- $containers := index (ternary (dict "containers" $wait_for) $wait_for (kindIs "slice" $wait_for)) "containers" -}}
{{- $namePart := index (ternary (dict) $wait_for (kindIs "slice" $wait_for)) "name" -}}
- name: {{ include "common.name" $dot }}{{ ternary "" (printf "-%s" $namePart) (empty $namePart) }}-readiness
- image: "{{ $subchartDot.Values.global.readinessRepository }}/{{ $subchartDot.Values.global.readinessImage }}"
+ image: "{{ include "common.repository" $subchartDot }}/{{ $subchartDot.Values.global.readinessImage }}"
imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
{{- range $container := $containers }}
- --container-name
# limitations under the License.
global:
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.2.1
+ readinessImage: onap/oom/readiness:3.0.1
pullPolicy: Always
limits:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+++ /dev/null
-{
- "service": {
- "name": "Health Check: SDNC Portal",
- "checks": [
- {
- "id": "sdnc-portal",
- "name": "SDNC Portal Health Check",
- "http": "http://sdnc-portal:8843/login",
- "method": "HEAD",
- "header": {
- "Cache-Control": ["no-cache"],
- "Content-Type": ["application/json"],
- "Accept": ["application/json"]
- },
- "tls_skip_verify": true,
- "interval": "15s",
- "timeout": "1s"
- }
- ]
- }
-}
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
restartPolicy: Never
initContainers:
- name: {{ include "common.name" . }}-init-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- awx-postgres
initContainers:
- name: {{ include "common.name" . }}-init-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ include "common.name" . }}-mgnt
global:
nodePortPrefixExt: 304
commonConfigPrefix: awx
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
#################################################################
# Application configuration defaults.
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<java version="1.8.0_242" class="java.beans.XMLDecoder">
+ <object class="java.util.LinkedHashMap">
+ <void method="put">
+ <string>version</string>
+ <float>46.0</float>
+ </void>
+ <void method="put">
+ <string>type</string>
+ <int>1</int>
+ </void>
+ <void method="put">
+ <string>certversion</string>
+ <string>X509v3</string>
+ </void>
+ <void method="put">
+ <string>encodedvalidity</string>
+ <string>2y</string>
+ </void>
+ <void method="put">
+ <string>usecertificatevalidityoffset</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>certificatevalidityoffset</string>
+ <string>-10m</string>
+ </void>
+ <void method="put">
+ <string>useexpirationrestrictionforweekdays</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>expirationrestrictionforweekdaysbefore</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>expirationrestrictionweekdays</string>
+ <object class="java.util.ArrayList">
+ <void method="add">
+ <boolean>true</boolean>
+ </void>
+ <void method="add">
+ <boolean>true</boolean>
+ </void>
+ <void method="add">
+ <boolean>false</boolean>
+ </void>
+ <void method="add">
+ <boolean>false</boolean>
+ </void>
+ <void method="add">
+ <boolean>false</boolean>
+ </void>
+ <void method="add">
+ <boolean>true</boolean>
+ </void>
+ <void method="add">
+ <boolean>true</boolean>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>allowvalidityoverride</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>allowextensionoverride</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>allowdnoverride</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>allowdnoverridebyeei</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>allowbackdatedrevokation</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usecertificatestorage</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>storecertificatedata</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>storesubjectaltname</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>usebasicconstrants</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>basicconstraintscritical</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>usesubjectkeyidentifier</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>subjectkeyidentifiercritical</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>useauthoritykeyidentifier</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>authoritykeyidentifiercritical</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usesubjectalternativename</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>subjectalternativenamecritical</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>useissueralternativename</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>issueralternativenamecritical</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usecrldistributionpoint</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usedefaultcrldistributionpoint</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>crldistributionpointcritical</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>crldistributionpointuri</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>usefreshestcrl</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usecadefinedfreshestcrl</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>freshestcrluri</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>crlissuer</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>usecertificatepolicies</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>certificatepoliciescritical</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>certificatepolicies</string>
+ <object class="java.util.ArrayList"/>
+ </void>
+ <void method="put">
+ <string>availablekeyalgorithms</string>
+ <object class="java.util.ArrayList">
+ <void method="add">
+ <string>DSA</string>
+ </void>
+ <void method="add">
+ <string>ECDSA</string>
+ </void>
+ <void method="add">
+ <string>RSA</string>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>availableeccurves</string>
+ <object class="java.util.ArrayList">
+ <void method="add">
+ <string>ANY_EC_CURVE</string>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>availablebitlengths</string>
+ <object class="java.util.ArrayList">
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>192</int>
+ </void>
+ <void method="add">
+ <int>224</int>
+ </void>
+ <void method="add">
+ <int>239</int>
+ </void>
+ <void method="add">
+ <int>256</int>
+ </void>
+ <void method="add">
+ <int>384</int>
+ </void>
+ <void method="add">
+ <int>512</int>
+ </void>
+ <void method="add">
+ <int>521</int>
+ </void>
+ <void method="add">
+ <int>1024</int>
+ </void>
+ <void method="add">
+ <int>1536</int>
+ </void>
+ <void method="add">
+ <int>2048</int>
+ </void>
+ <void method="add">
+ <int>3072</int>
+ </void>
+ <void method="add">
+ <int>4096</int>
+ </void>
+ <void method="add">
+ <int>6144</int>
+ </void>
+ <void method="add">
+ <int>8192</int>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>minimumavailablebitlength</string>
+ <int>0</int>
+ </void>
+ <void method="put">
+ <string>maximumavailablebitlength</string>
+ <int>8192</int>
+ </void>
+ <void method="put">
+ <string>signaturealgorithm</string>
+ <null/>
+ </void>
+ <void method="put">
+ <string>usekeyusage</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>keyusage</string>
+ <object class="java.util.ArrayList">
+ <void method="add">
+ <boolean>true</boolean>
+ </void>
+ <void method="add">
+ <boolean>true</boolean>
+ </void>
+ <void method="add">
+ <boolean>true</boolean>
+ </void>
+ <void method="add">
+ <boolean>false</boolean>
+ </void>
+ <void method="add">
+ <boolean>false</boolean>
+ </void>
+ <void method="add">
+ <boolean>false</boolean>
+ </void>
+ <void method="add">
+ <boolean>false</boolean>
+ </void>
+ <void method="add">
+ <boolean>false</boolean>
+ </void>
+ <void method="add">
+ <boolean>false</boolean>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>allowkeyusageoverride</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>keyusagecritical</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>useextendedkeyusage</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>extendedkeyusage</string>
+ <object class="java.util.ArrayList">
+ <void method="add">
+ <string>1.3.6.1.5.5.7.3.2</string>
+ </void>
+ <void method="add">
+ <string>1.3.6.1.5.5.7.3.4</string>
+ </void>
+ <void method="add">
+ <string>1.3.6.1.5.5.7.3.1</string>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>extendedkeyusagecritical</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usedocumenttypelist</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>documenttypelistcritical</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>documenttypelist</string>
+ <object class="java.util.ArrayList"/>
+ </void>
+ <void method="put">
+ <string>availablecas</string>
+ <object class="java.util.ArrayList">
+ <void method="add">
+ <int>-1</int>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>usedpublishers</string>
+ <object class="java.util.ArrayList"/>
+ </void>
+ <void method="put">
+ <string>useocspnocheck</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>useldapdnorder</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>usecustomdnorder</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usemicrosofttemplate</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>microsofttemplate</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>usecardnumber</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usecnpostfix</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>cnpostfix</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>usesubjectdnsubset</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>subjectdnsubset</string>
+ <object class="java.util.ArrayList"/>
+ </void>
+ <void method="put">
+ <string>usesubjectaltnamesubset</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>subjectaltnamesubset</string>
+ <object class="java.util.ArrayList"/>
+ </void>
+ <void method="put">
+ <string>usepathlengthconstraint</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>pathlengthconstraint</string>
+ <int>0</int>
+ </void>
+ <void method="put">
+ <string>useqcstatement</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usepkixqcsyntaxv2</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>useqcstatementcritical</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>useqcstatementraname</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>useqcsematicsid</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>useqcetsiqccompliance</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>useqcetsisignaturedevice</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>useqcetsivaluelimit</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>qcetsivaluelimit</string>
+ <int>0</int>
+ </void>
+ <void method="put">
+ <string>qcetsivaluelimitexp</string>
+ <int>0</int>
+ </void>
+ <void method="put">
+ <string>qcetsivaluelimitcurrency</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>useqcetsiretentionperiod</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>qcetsiretentionperiod</string>
+ <int>0</int>
+ </void>
+ <void method="put">
+ <string>useqccustomstring</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>qccustomstringoid</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>qccustomstringtext</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>qcetsipds</string>
+ <null/>
+ </void>
+ <void method="put">
+ <string>qcetsitype</string>
+ <null/>
+ </void>
+ <void method="put">
+ <string>usecertificatetransparencyincerts</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usecertificatetransparencyinocsp</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usecertificatetransparencyinpublisher</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usesubjectdirattributes</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usenameconstraints</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>useauthorityinformationaccess</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>caissuers</string>
+ <object class="java.util.ArrayList"/>
+ </void>
+ <void method="put">
+ <string>usedefaultcaissuer</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usedefaultocspservicelocator</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>ocspservicelocatoruri</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>cvcaccessrights</string>
+ <int>3</int>
+ </void>
+ <void method="put">
+ <string>usedcertificateextensions</string>
+ <object class="java.util.ArrayList"/>
+ </void>
+ <void method="put">
+ <string>approvals</string>
+ <object class="java.util.LinkedHashMap">
+ <void method="put">
+ <object class="java.lang.Enum" method="valueOf">
+ <class>org.cesecore.certificates.ca.ApprovalRequestType</class>
+ <string>REVOCATION</string>
+ </object>
+ <int>-1</int>
+ </void>
+ <void method="put">
+ <object class="java.lang.Enum" method="valueOf">
+ <class>org.cesecore.certificates.ca.ApprovalRequestType</class>
+ <string>KEYRECOVER</string>
+ </object>
+ <int>-1</int>
+ </void>
+ <void method="put">
+ <object class="java.lang.Enum" method="valueOf">
+ <class>org.cesecore.certificates.ca.ApprovalRequestType</class>
+ <string>ADDEDITENDENTITY</string>
+ </object>
+ <int>-1</int>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>useprivkeyusageperiodnotbefore</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>useprivkeyusageperiod</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>useprivkeyusageperiodnotafter</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>privkeyusageperiodstartoffset</string>
+ <long>0</long>
+ </void>
+ <void method="put">
+ <string>privkeyusageperiodlength</string>
+ <long>63072000</long>
+ </void>
+ <void method="put">
+ <string>usesingleactivecertificateconstraint</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>overridableextensionoids</string>
+ <object class="java.util.LinkedHashSet"/>
+ </void>
+ <void method="put">
+ <string>nonoverridableextensionoids</string>
+ <object class="java.util.LinkedHashSet"/>
+ </void>
+ <void method="put">
+ <string>allowcertsnoverride</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usecustomdnorderldap</string>
+ <boolean>false</boolean>
+ </void>
+ </object>
+</java>
ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra
ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value ${RA_IAK}
ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value pbe
+ #Custom EJBCA cert profile and endentity are imported to allow issuing certificates with correct extended usage (containing serverAuth)
+ ejbca.sh ca importprofiles -d /opt/primekey/custom_profiles
+ #Profile name taken from certprofile filename (certprofile_<profile-name>-<id>.xml)
+ ejbca.sh config cmp updatealias --alias cmpRA --key ra.certificateprofile --value CUSTOM_ENDUSER
+ #ID taken from entityprofile filename (entityprofile_<profile-name>-<id>.xml)
+ ejbca.sh config cmp updatealias --alias cmpRA --key ra.endentityprofileid --value 1356531849
ejbca.sh config cmp dumpalias --alias cmpRA
ejbca.sh config cmp addalias --alias cmp
ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<java version="1.8.0_242" class="java.beans.XMLDecoder">
+ <object class="java.util.LinkedHashMap">
+ <void method="put">
+ <string>version</string>
+ <float>14.0</float>
+ </void>
+ <void method="put">
+ <string>NUMBERARRAY</string>
+ <object class="java.util.ArrayList">
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>3</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>SUBJECTDNFIELDORDER</string>
+ <object class="java.util.ArrayList">
+ <void method="add">
+ <int>500</int>
+ </void>
+ <void method="add">
+ <int>1100</int>
+ </void>
+ <void method="add">
+ <int>1200</int>
+ </void>
+ <void method="add">
+ <int>1300</int>
+ </void>
+ <void method="add">
+ <int>1400</int>
+ </void>
+ <void method="add">
+ <int>1600</int>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>SUBJECTALTNAMEFIELDORDER</string>
+ <object class="java.util.ArrayList">
+ <void method="add">
+ <int>1800</int>
+ </void>
+ <void method="add">
+ <int>1801</int>
+ </void>
+ <void method="add">
+ <int>1802</int>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>SUBJECTDIRATTRFIELDORDER</string>
+ <object class="java.util.ArrayList"/>
+ </void>
+ <void method="put">
+ <int>0</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20000</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10000</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30000</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>1</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20001</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10001</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30001</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>95</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20095</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10095</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30095</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>96</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20096</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10096</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30096</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>5</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20005</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10005</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30005</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>26</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20026</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10026</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30026</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>29</int>
+ <string>1834889499</string>
+ </void>
+ <void method="put">
+ <int>20029</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10029</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30029</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30</int>
+ <string>1834889499</string>
+ </void>
+ <void method="put">
+ <int>20030</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10030</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30030</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>31</int>
+ <string>1</string>
+ </void>
+ <void method="put">
+ <int>20031</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10031</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30031</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>32</int>
+ <string>1;2;3;4</string>
+ </void>
+ <void method="put">
+ <int>20032</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10032</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30032</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>33</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20033</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10033</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30033</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>34</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20034</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10034</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30034</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>38</int>
+ <string>1</string>
+ </void>
+ <void method="put">
+ <int>20038</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10038</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30038</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>37</int>
+ <string>-477565695</string>
+ </void>
+ <void method="put">
+ <int>20037</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10037</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30037</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>98</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20098</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10098</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30098</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>99</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20099</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10099</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30099</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>97</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20097</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10097</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30097</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>91</int>
+ <string>false</string>
+ </void>
+ <void method="put">
+ <int>20091</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10091</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30091</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>94</int>
+ <string>-1</string>
+ </void>
+ <void method="put">
+ <int>20094</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10094</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30094</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>93</int>
+ <string>-1</string>
+ </void>
+ <void method="put">
+ <int>20093</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10093</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30093</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>89</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20089</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10089</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30089</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>88</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20088</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10088</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30088</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>ALLOW_MERGEDN_WEBSERVICES</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>2</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20002</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10002</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10090</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>90</int>
+ <string>0</string>
+ </void>
+ <void method="put">
+ <string>REVERSEFFIELDCHECKS</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>28</int>
+ <string>false</string>
+ </void>
+ <void method="put">
+ <int>20028</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10028</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>REUSECERTIFICATE</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>35</int>
+ <string>false</string>
+ </void>
+ <void method="put">
+ <int>20035</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10035</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10092</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>USEEXTENSIONDATA</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>PRINTINGUSE</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>PRINTINGDEFAULT</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>PRINTINGREQUIRED</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>PRINTINGCOPIES</string>
+ <int>1</int>
+ </void>
+ <void method="put">
+ <string>PRINTINGPRINTERNAME</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>PRINTINGSVGDATA</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>PRINTINGSVGFILENAME</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>11</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20011</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10011</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30011</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>12</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20012</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10012</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30012</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>13</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20013</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10013</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30013</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>14</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20014</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10014</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30014</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>16</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20016</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10016</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30016</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>18</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20018</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10018</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30018</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>118</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20118</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10118</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30118</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>218</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20218</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10218</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30218</int>
+ <boolean>true</boolean>
+ </void>
+ </object>
+</java>
name: "{{ include "common.fullname" . }}-config-script"
data:
{{ tpl (.Files.Glob "resources/ejbca-config.sh").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: "{{ include "common.fullname" . }}-profiles"
+data:
+{{ tpl (.Files.Glob "resources/certprofile_CUSTOM_ENDUSER-1834889499.xml").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/entityprofile_Custom_EndEntity-1356531849.xml").AsConfig . | indent 2 }}
initContainers:
- name: {{ include "common.name" . }}-db-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
{{- if .Values.global.mariadbGalera.localCluster }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
containers:
- name: {{ include "common.name" . }}-ejbca
volumeMounts:
- name: "{{ include "common.fullname" . }}-volume"
mountPath: /opt/primekey/scripts/
+ - name: "{{ include "common.fullname" . }}-profiles-volume"
+ mountPath: /opt/primekey/custom_profiles/
ports: {{ include "common.containerPorts" . | nindent 10 }}
env:
- name: INITIAL_ADMIN
name: "{{ include "common.fullname" . }}-config-script"
defaultMode: 0755
name: "{{ include "common.fullname" . }}-volume"
+ - configMap:
+ name: "{{ include "common.fullname" . }}-profiles"
+ defaultMode: 0755
+ name: "{{ include "common.fullname" . }}-profiles-volume"
# See the License for the specific language governing permissions and
# limitations under the License.
global:
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.1
+ readinessImage: onap/oom/readiness:3.0.1
mariadbGalera: &mariadbGalera
#This flag allows EJBCA to instantiate its own mariadb-galera cluster
localCluster: false
restartPolicy: Never
initContainers:
- name: {{ include "common.name" . }}-init-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- netbox-app
global:
nodePortPrefixExt: 304
commonConfigPrefix: netbox
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
#################################################################
# Application configuration defaults.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-make-dcaegen2: make-dcae-bootstrap make-dcae-cloudify-manager make-dcae-config-binding-service make-dcae-healthcheck make-dcae-redis make-dcae-servicechange-handler make-dcae-inventory-api make-dcae-deployment-handler make-dcae-policy-handler make-dcae-dashboard
+make-dcaegen2: make-dcae-bootstrap make-dcae-cloudify-manager make-dcae-config-binding-service make-dcae-healthcheck make-dcae-servicechange-handler make-dcae-inventory-api make-dcae-deployment-handler make-dcae-policy-handler make-dcae-dashboard
make-dcae-bootstrap:
cd components && helm dep up dcae-bootstrap && helm lint dcae-bootstrap
make-dcae-healthcheck:
cd components && helm dep up dcae-healthcheck && helm lint dcae-healthcheck
-make-dcae-redis:
- cd components && helm dep up dcae-redis && helm lint dcae-redis
-
make-dcae-servicechange-handler:
cd components && helm dep up dcae-servicechange-handler && helm lint dcae-servicechange-handler
#=================================================================================
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
+# Modifications (c) 2020 Nokia. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: mongo
version: ~6.x-0
repository: '@local'
+ - name: cmpv2Config
+ version: ~6.x-0
+ repository: '@local'
#=================================================================================
# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
+# Modifications (c) 2020 Nokia. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
"component_cert_dir": "/opt/dcae/cacert",
"component_ca_cert_path": "/opt/dcae/cacert/cacert.pem",
"ca_cert_configmap": "{{ include "common.fullname" . }}-dcae-cacert"
+ },
+ "external_cert":
+ {
+ "image_tag": "{{ .Values.global.tlsRepository }}/{{ .Values.cmpv2Config.global.aaf.certServiceClient.image }}",
+ "request_url": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.requestURL }}",
+ "timeout": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.requestTimeout }}",
+ "country": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.cmpv2Country }}",
+ "organization": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.cmpv2Organization }}",
+ "state": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.cmpv2State }}",
+ "organizational_unit": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.cmpv2OrganizationalUnit }}",
+ "location": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.cmpv2Location }}",
+ "keystore_password": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.keystorePassword }}",
+ "truststore_password": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.truststorePassword }}"
}
}
+++ /dev/null
-#============LICENSE_START========================================================
-#=================================================================================
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs, Bell Canada
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-{{ if .Values.componentImages.tca }}
-tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.tca }}
-{{ end }}
-dmaap_host: {{ .Values.config.address.message_router }}.{{include "common.namespace" . }}
-consul_host: {{ .Values.config.address.consul.host }}.{{include "common.namespace" . }}
-cbs_host: config-binding-service
-enableRedisCaching: {{ .Values.config.redisCaching }}
-{{ if .Values.config.redisHosts }}
-redisHosts: {{ .Values.config.redisHosts }}
-{{ end }}
name: {{ include "common.name" . }}-update-config
- name: {{ include "common.name" . }}-readiness
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- dcae-cloudify-manager
#============LICENSE_START========================================================
#=================================================================================
-# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
global:
nodePortPrefix: 302
nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
tlsRepository: nexus3.onap.org:10001
ves:
port: 30235
portSecure: 30417
- # redisCaching is a string not a boolean!
- redisCaching: "false"
# postgres values--overriding defaults in the postgres subchart
postgres:
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.0.1
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.0.4
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
componentImages:
holmes_rules: onap/holmes/rule-management:1.2.7
holmes_engine: onap/holmes/engine-management:1.2.6
- tca: onap/org.onap.dcaegen2.deployments.tca-cdap-container:1.2.2
- tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.0.1
- ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.0
+ tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.2.0
+ ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.3
snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0
prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.2
hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.4.0
- "dcae-cloudify-manager"
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- aaf-cm
global:
nodePortPrefix: 302
persistence: {}
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
tlsRepository: nexus3.onap.org:10001
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.cm-container:3.0.0
+image: onap/org.onap.dcaegen2.deployments.cm-container:3.1.0
pullPolicy: Always
# name of shared ConfigMap with kubeconfig for multiple clusters
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- consul-server
global:
nodePortPrefix: 302
nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
tlsRepository: nexus3.onap.org:10001
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- dcae-cloudify-manager
#################################################################
global:
nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
tlsRepository: nexus3.onap.org:10001
--- /dev/null
+{
+ "appenders": {
+ "out": {"type": "stdout"},
+ "audit": {
+ "type": "file",
+ "filename": "log/audit.log",
+ "maxLogSize": 10240000,
+ "backups": 10,
+ "layout": {
+ "type": "messagePassThrough"
+ }
+ },
+ "metrics": {
+ "type": "file",
+ "filename": "log/metrics.log",
+ "maxLogSize": 10240000,
+ "backups": 10,
+ "layout": {
+ "type": "messagePassThrough"
+ }
+ },
+ "error": {"type": "stdout"},
+ "debug": {"type": "stdout"}
+ },
+ "categories": {
+ "default": {"appenders": ["out"], "level": "debug"},
+ "audit": {"appenders": ["audit"], "level": "info"},
+ "metrics": {"appenders": ["metrics"], "level": "info"},
+ "error": {"appenders": ["error"], "level": "error"},
+ "debug": {"appenders": ["debug"], "level": "debug"}
+ }
+}
\ No newline at end of file
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2019 AT&T
+# Modifications Copyright © 2020 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
name: {{include "common.fullname" . }}-filebeat-configmap
namespace: {{include "common.namespace" . }}
data:
-{{ tpl (.Files.Glob "resources/log/*").AsConfig . | indent 2 }}
\ No newline at end of file
+{{ tpl (.Files.Glob "resources/log/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{include "common.fullname" . }}-log4js-configmap
+ namespace: {{include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/log4js/*").AsConfig . | indent 2 }}
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2020 Nokia
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- dcae-cloudify-manager
name: component-log
- mountPath: /opt/app/dh/etc/cert/
name: tls-info
+ - mountPath: /opt/app/dh/etc/
+ name: log4js-conf
env:
- name: CONSUL_HOST
value: consul-server.{{ include "common.namespace" . }}
defaultMode: 422
name: {{ include "common.fullname" . }}-configmap
name: dh-config
+ - configMap:
+ defaultMode: 420
+ name: {{include "common.fullname" . }}-log4js-configmap
+ name: log4js-conf
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
tlsRepository: nexus3.onap.org:10001
#=================================================================================
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
+# Modifications Copyright © 2020 Nokia
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
periodSeconds: 10
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.0.0
+image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.1.0
# Resource Limit flavor -By Default using small
flavor: small
name: {{ include "common.name" . }}-update-config
- name: {{ include "common.name" . }}-readiness
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ .Values.postgres.nameOverride }}
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
tlsRepository: nexus3.onap.org:10001
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- dcae-deployment-handler
- --container-name
- consul-server
- --container-name
- - pdp
+ - policy-xacml-pdp
- "-t"
- "45"
env:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
tlsRepository: nexus3.onap.org:10001
+++ /dev/null
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP DCAE Redis
-name: dcae-redis
-version: 6.0.0
+++ /dev/null
-#!/bin/bash
-# ================================================================================
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs, Bell Canada
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-(if [[ "$HOSTNAME" == *{{.Chart.Name}}-0 ]]; then
- echo "delay by 10 seconds for redis server starting"
- sleep 10
-
- NODES=""
- echo "====> wait for all {{.Values.replicaCount}} redis pods up"
- while [ "$(echo $NODES | wc -w)" -lt {{.Values.replicaCount}} ]
- do
- echo "======> $(echo $NODES |wc -w) / {{.Values.replicaCount}} pods up"
- sleep 5
- RESP=$(wget -vO- --ca-certificate /var/run/secrets/kubernetes.io/serviceaccount/ca.crt --header "Authorization: Bearer $(</var/run/secrets/kubernetes.io/serviceaccount/token)" https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_PORT_443_TCP_PORT/api/v1/namespaces/{{.Release.Namespace}}/pods?labelSelector=app={{.Chart.Name}})
-
- IPS=$(echo $RESP | jq -r '.items[].status.podIP')
- IPS2=$(echo $IPS | sed -e 's/[a-zA-Z]*//g')
- echo "======> IPs: ["$IPS2"]"
- NODES=""
- for I in $IPS2; do NODES="$NODES $I:{{.Values.service.externalPort}}"; done
- echo "======> nodes: ["$NODES"]"
- done
- echo "====> all {{.Values.replicaCount}} redis cluster pods are up. wait 10 seconds before the next step"; echo
- sleep 10
-
- echo "====> Configure the cluster"
-
- # $NODES w/o quotes
- echo "======> nodes: [$(echo $NODES |paste -s)]"
- redis-trib create --replicas 1 $(echo $NODES |paste -s)
-fi ) &
-
-redis-server /conf/redis.conf
-
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
-data:
- redis.conf: |+
- cluster-enabled yes
- cluster-require-full-coverage no
- cluster-node-timeout 15000
- cluster-config-file /data/nodes.conf
- cluster-migration-barrier 1
- appendonly yes
- protected-mode no
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-scripts
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/redis/scripts/*").AsConfig . | indent 2 }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-{{- $global := . }}
-{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }}
-{{- if eq "True" (include "common.needPV" .) }}
-{{- range $i := until (int $global.Values.replicaCount)}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" $global }}-data-{{$i}}
- namespace: {{ include "common.namespace" $global }}
- labels:
- app: {{ include "common.fullname" $global }}
- chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" $global }}"
- heritage: "{{ $global.Release.Service }}"
- name: {{ include "common.fullname" $global }}
-spec:
- capacity:
- storage: {{ $global.Values.persistence.size}}
- accessModes:
- - {{ $global.Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" $global }}-data"
- hostPath:
- path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}}
-{{if ne $i (int $global.Values.replicaCount) }}
----
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
+++ /dev/null
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- #Example internal target port if required
- #targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName2 }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName2 }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- serviceName: {{ .Values.service.name }}
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /bin/sh
- - -c
- - |
- /opt/scripts/redis-cluster-config.sh
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- - containerPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.name2 }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- exec:
- command:
- - sh
- - -c
- - "redis-cli -h $(hostname) ping"
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- {{end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /conf
- name: {{ include "common.fullname" . }}-config
- - mountPath: /data
- name: {{ include "common.fullname" . }}-data
- - mountPath: /opt/scripts
- name: {{ include "common.fullname" . }}-scripts
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}
- items:
- - key: redis.conf
- path: redis.conf
- - name: {{ include "common.fullname" . }}-scripts
- configMap:
- name: {{ include "common.fullname" . }}-scripts
- defaultMode: 0755
- - name: localtime
- hostPath:
- path: /etc/localtime
- {{- if not .Values.persistence.enabled }}
- - name: {{ include "common.fullname" . }}-data
- emptyDir: {}
- {{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- {{- if .Values.persistence.enabled }}
- volumeClaimTemplates:
- - metadata:
- name: {{ include "common.fullname" . }}-data
- labels:
- name: {{ include "common.fullname" . }}
- spec:
- accessModes:
- - {{ .Values.persistence.accessMode | quote }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.persistence.size | quote}}
- {{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- persistence: {}
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.redis-cluster-container:1.0.0
-pullPolicy: Always
-
-# application configuration
-# Example:
-config: {}
-
-# default number of instances
-replicaCount: 3
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 60
- periodSeconds: 10
- timeoutSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 15
- periodSeconds: 10
-
-service:
- #Example service definition with external, internal and node ports.
- #Services may use any combination of ports depending on the 'type' of
- #service being defined.
- type: ClusterIP
- name: dcae-redis
- portName: client
- externalPort: 6379
- internalPort: 6379
- portName2: gossip
- externalPort2: 16379
- internalPort2: 16379
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
-
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- # existingClaim:
- volumeReclaimPolicy: Retain
-
- ## database data Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- accessMode: ReadWriteOnce
- size: 10Mi
- mountPath: /dockerdata-nfs
- mountSubPath: redis/data
-
-ingress:
- enabled: false
- service:
- - baseaddr: "dcaeredis"
- name: "dcae-redis"
- port: 6379
- - baseaddr: "dcaeredisgossip"
- name: "dcae-redis"
- port: 16379
- config:
- ssl: "none"
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 2
- memory: 2Gi
- requests:
- cpu: 1
- memory: 1Gi
- large:
- limits:
- cpu: 4
- memory: 4Gi
- requests:
- cpu: 2
- memory: 2Gi
- unlimited: {}
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- "dcae-inventory-api"
- --container-name
- "message-router"
- --container-name
- - "sdc-dcae-be"
+ - "sdc-be"
- "-t"
- "45"
env:
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
tlsRepository: nexus3.onap.org:10001
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.servicechange-handler:1.3.2
+image: onap/org.onap.dcaegen2.platform.servicechange-handler:1.4.0
pullPolicy: Always
unlimited: {}
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
-# dcae_ns: "dcae"
+# dcae_ns: "dcae"
\ No newline at end of file
version: ~6.x-0
repository: 'file://components/dcae-healthcheck'
condition: dcae-healthcheck.enabled
- - name: dcae-redis
- version: ~6.x-0
- repository: 'file://components/dcae-redis'
- condition: dcae-redis.enabled
- name: dcae-servicechange-handler
version: ~6.x-0
repository: 'file://components/dcae-servicechange-handler'
[
{{- $ctx := . }}
-{{- $components := tuple "dcae-cloudify-manager" "dcae-config-binding-service" "dcae-dashboard" "dcae-deployment-handler" "dcae-inventory-api" "dcae-policy-handler" "dcae-redis" "dcae-servicechange-handler" }}
+{{- $components := tuple "dcae-cloudify-manager" "dcae-config-binding-service" "dcae-dashboard" "dcae-deployment-handler" "dcae-inventory-api" "dcae-policy-handler" "dcae-servicechange-handler" }}
{{- range $i, $v := $components }}
{{- if index $ctx.Values . "enabled" }}
{{- if $i }},{{ end }}
{{ $v | quote | indent 2 }}
{{- end -}}
{{- end }}
-]
\ No newline at end of file
+]
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
busyboxRepository: docker.io
busyboxImage: library/busybox:1.30
-redis:
- replicaCount: 6
-# Enable all DCAE components except redis by default
+# Enable all DCAE components by default
dcae-bootstrap:
enabled: true
dcae-cloudify-manager:
enabled: true
dcae-policy-handler:
enabled: true
-dcae-redis:
- enabled: false
dcae-servicechange-handler:
- enabled: true
\ No newline at end of file
+ enabled: true
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- dcaemod-genprocessor-http
persistence: {}
nodePortPrefix: 302
nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
ingress:
enabled: true
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- dcaemod-runtime-api
persistence: {}
nodePortPrefix: 302
nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
ingress:
enabled: true
persistence: {}
nodePortPrefix: 302
nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
ingress:
enabled: true
virtualhost:
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.mod.genprocessor-job:1.0.1
-httpImage: onap/org.onap.dcaegen2.platform.mod.genprocessor-http:1.0.1
+image: onap/org.onap.dcaegen2.platform.mod.genprocessor-job:1.0.2
+httpImage: onap/org.onap.dcaegen2.platform.mod.genprocessor-http:1.0.2
service:
type: ClusterIP
cpu: 2
memory: 2Gi
unlimited: {}
+
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ ( index .Values.service.ports 0).port }}
+ port: {{ include "common.getPort" (dict "global" . "name" "http") }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
tcpSocket:
- port: {{ ( index .Values.service.ports 0).port }}
+ port: {{ include "common.getPort" (dict "global" . "name" "http") }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
service:
name: dcaemod-healthcheck
persistence: {}
nodePortPrefix: 302
nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
config:
dbURL: jdbc:h2:./database/nifi-registry-primary
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ .Values.postgres.nameOverride }}
global:
nodePortPrefix: 302
nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
ingress:
enabled: true
virtualhost:
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.1
+image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.2
# Resource Limit flavor -By Default using small
flavor: small
cpu: 2
memory: 2Gi
unlimited: {}
+
value: {{ .Values.config.importK8S }}
- name: ONAP_IMPORT_POLICYPLUGIN
value: {{ .Values.config.importPolicy }}
- - name: ONAP_INPORT_POSTGRESPLUGIN
+ - name: ONAP_IMPORT_POSTGRESPLUGIN
value: {{ .Values.config.importPostgres }}
- name: ONAP_IMPORT_CLAMPPLUGIN
value: {{ .Values.config.importClamp }}
- name: ONAP_IMPORT_DMAAPPLUGIN
value: {{ .Values.config.importDMaaP }}
+ - name: ONAP_USEDMAAPPLUGIN
+ value: {{ .Values.config.useDmaapPlugin | quote }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+
global:
nodePortPrefix: 302
nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
config:
dashboardURL: https://inventory:8080/dcae-service-types
#dashboardPassword: doesntmatter
mrTopicURL: http://message-router:3904/events
importCloudify: https://www.getcloudify.org/spec/cloudify/4.5.5/types.yaml
- importK8S: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R6/k8splugin/1.7.2/k8splugin_types.yaml
- importPolicy: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R6/dcaepolicyplugin/2.4.0/dcaepolicyplugin_types.yaml
- importPostgres: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.ccsdk.platform.plugins/type_files/pgaas/1.1.0/pgaas_types.yaml
- importClamp: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R6/clamppolicyplugin/1.1.0/clamppolicyplugin_types.yaml
- importDMaaP: https://nexus.onap.org/content/repositories/raw/org.onap.ccsdk.platform.plugins/type_files/dmaap/dmaap.yaml
+ importK8S: plugin:k8splugin?version=3.3.0
+ importPostgres: plugin:pgaas?version=1.3.0
+ importClamp: plugin:clamppolicyplugin?version=1.1.0
+ importDMaaP: plugin:dmaap?version=1.5.0
+ useDmaapPlugin: false
secrets:
- uid: "dashsecret"
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.3
+image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.6
# Resource Limit flavor -By Default using small
flavor: small
cpu: 2
memory: 2Gi
unlimited: {}
+
args: [ "-c", "sed -i -e '/cadi_keystore_password=/d' -e '/cadi_keystore_password_jks/p' -e 's/cadi_keystore_password_jks/cadi_keystore_password/' -e 's/dmaap-bc.p12/dmaap-bc.jks/' /opt/app/osaaf/local/org.onap.dmaap-bc.cred.props" ]
- name: {{ include "common.name" . }}-postgres-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ .Values.postgres.nameOverride }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
{{- end }}
containers:
namespace: {{ include "common.namespace" . }}
labels: {{- include "common.labels" . | nindent 4 }}
spec:
- backoffLimit: 5
+ backoffLimit: 20
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
restartPolicy: Never
initContainers:
- name: {{ include "common.name" . }}-init-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- dmaap-bc
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
envsubstImage: dibi/envsubst
<appender-ref ref="asyncDebug" />
<appender-ref ref="asyncError" />
<appender-ref ref="asyncJettyLog" />
+ <appender-ref ref="STDOUT" />
</root>
</configuration>
\ No newline at end of file
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- dmaap-dr-prov
<appender-ref ref="asyncEELFError" />
<appender-ref ref="asyncEELFjettylog" />
<appender-ref ref="asyncEELFDebug" />
+ <appender-ref ref="STDOUT" />
</root>
</configuration>
\ No newline at end of file
hostname: {{ .Values.global.dmaapDrProvName }}
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ .Values.config.dmaapDrDb.mariadbContName }}
image: "{{ .Values.global.ubuntuInitRepository }}/{{ .Values.ubuntuInitImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ .Values.zookeeper.name }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
- command:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
persistence: {}
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
ubuntuInitRepository: registry.hub.docker.com
<jmxConfigurator />
<property name="logDirectory" value="${AJSC_HOME}/log" />
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <filter class="ch.qos.logback.classic.filter.LevelFilter">
- <level>ERROR</level>
- <onMatch>ACCEPT</onMatch>
- <onMismatch>DENY</onMismatch>
- </filter>
<encoder>
<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n
</pattern>
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ .Values.kafka.name }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
global:
nodePortPrefix: 302
nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
clientImage: onap/dmaap/dbc-client:1.0.9
# limitations under the License.
-->
-<configuration scan="false" debug="true">
- <property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}"/>
- <property name="p_lvl" value="%level"/>
- <property name="p_log" value="%logger"/>
- <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/>
- <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/>
- <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/>
- <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>
- <property name="p_thr" value="%thread"/>
- <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>
-
- <property name="logDir" value="/var/log/onap" />
- <property name="debugDir" value="/var/log/onap" />
-
- <property name="componentName" value="esr"></property>
- <property name="subComponentName" value="esr-server"></property>
+<configuration scan="{{ .Values.log.scan.enabled }}" debug="{{ .Values.log.debug }}">
+
+ <property name="componentName" value='{{default "UNSET_COMPONENT" .Values.log.componentName}}'/>
+ <property name="subcomponentName" value='{{default "UNSET_SUBCOMPONENT" .Values.log.subcomponentName}}'/>
+
+ <property name="logDir" value="{{ .Values.log.logDir }}" />
+ <property name="queueSize" value="{{ .Values.log.queueSize }}"/>
+
+ <property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}"/>
+ <property name="p_lvl" value="%level"/>
+ <property name="p_log" value="%logger"/>
+ <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/>
+ <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <property name="p_thr" value="%thread"/>
+ <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>
<property name="errorLogName" value="error" />
<property name="metricsLogName" value="metrics" />
<property name="auditLogName" value="audit" />
<property name="debugLogName" value="debug" />
- <property name="errorPattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDesc}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" />
- <property name="debugPattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}|%X{RequestId}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" />
-
+ <property name="errorPattern" value="${p_tim}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDesc}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" />
+ <property name="debugPattern" value="${p_tim}|%X{RequestId}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" />
<property name="auditPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||||||%msg%n" />
<property name="metricPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||%X{TargetVirtualEntity}|||||%msg%n" />
+
<property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
- <property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" />
+
+ <!-- Console (human-readable) logging -->
+ <property name="consolePattern" value="%nopexception${p_log}\t${p_tim}\t${p_lvl}\t%message\t${p_mdc}\t%rootException\t${p_mak}\t${p_thr}%n"/>
<appender name="EELFAudit"
class="ch.qos.logback.core.rolling.RollingFileAppender">
</appender>
<appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
+ <queueSize>${queueSize}</queueSize>
<appender-ref ref="EELFAudit" />
</appender>
</appender>
<appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
+ <queueSize>${queueSize}</queueSize>
<appender-ref ref="EELFMetrics"/>
</appender>
</appender>
<appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
+ <queueSize>${queueSize}</queueSize>
<appender-ref ref="EELFError"/>
</appender>
<appender name="EELFDebug"
class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${debugLogDirectory}/${debugLogName}.log</file>
+ <file>${logDirectory}/${debugLogName}.log</file>
<rollingPolicy
class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${debugLogDirectory}/${debugLogName}.log.%d</fileNamePattern>
+ <fileNamePattern>${logDirectory}/${debugLogName}.log.%d</fileNamePattern>
</rollingPolicy>
<encoder>
<pattern>${debugPattern}</pattern>
</appender>
<appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
+ <queueSize>${queueSize}</queueSize>
<appender-ref ref="EELFDebug" />
<includeCallerData>true</includeCallerData>
</appender>
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>${consolePattern}</pattern>
+ </encoder>
+ </appender>
+
<logger name="com.att.eelf.audit" level="info" additivity="false">
<appender-ref ref="asyncEELFAudit" />
</logger>
<appender-ref ref="asyncEELFError" />
</logger>
- <root level="INFO">
+ <root level="{{ .Values.log.root.level }}">
<appender-ref ref="asyncEELFDebug" />
+ <appender-ref ref="STDOUT" />
</root>
-</configuration>
-
+</configuration>
\ No newline at end of file
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
ingress:
enabled: false
+log:
+ componentName: esr
+ subcomponentName: esr-server
+ debug: true
+ scan:
+ enabled: false
+ logDir: /var/log/onap
+ queueSize: 256
+ root:
+ level: INFO
+
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
initContainers:
#Example init container for dependency checking
# - command:
-# - /root/ready.py
+# - /app/ready.py
# args:
# - --container-name
# - mariadb
# fieldRef:
# apiVersion: v1
# fieldPath: metadata.namespace
-# image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+# image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
# imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
# name: {{ include "common.name" . }}-readiness
containers:
global:
nodePortPrefix: 302
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
#################################################################
global:
nodePortPrefix: 302
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
persistence: {}
#################################################################
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- log-elasticsearch
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
- args:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
persistence: {}
#################################################################
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- log-elasticsearch
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
persistence: {}
#################################################################
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
+ readinessImage: onap/oom/readiness:3.0.1
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- modeling-mariadb
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
- command:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
serviceAccountName: msb
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- msb-discovery
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
#################################################################
# Application configuration defaults.
<property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
<property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" />
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>${errorPattern}</pattern>
+ </encoder>
+ </appender>
+
<appender name="EELFAudit"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}.log</file>
<root level="INFO">
<appender-ref ref="asyncEELFDebug" />
+ <appender-ref ref="STDOUT" />
</root>
</configuration>
serviceAccountName: msb
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- msb-consul
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
#################################################################
# Application configuration defaults.
<property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
<property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" />
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>${errorPattern}</pattern>
+ </encoder>
+ </appender>
+
<appender name="EELFAudit"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}.log</file>
<root level="INFO">
<appender-ref ref="asyncEELFDebug" />
+ <appender-ref ref="STDOUT" />
</root>
</configuration>
serviceAccountName: msb
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- msb-discovery
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
#################################################################
# Application configuration defaults.
<property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
<property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" />
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>${errorPattern}</pattern>
+ </encoder>
+ </appender>
+
<appender name="EELFAudit"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}.log</file>
<root level="INFO">
<appender-ref ref="asyncEELFDebug" />
+ <appender-ref ref="STDOUT" />
</root>
</configuration>
serviceAccountName: msb
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- msb-discovery
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
#################################################################
# Application configuration defaults.
"HEAT_VOL",
"OTHER",
"VF_MODULES_METADATA",
- "CLOUD_TECHNOLOGY_SPECIFIC_ARTIFACT"
+ "CLOUD_TECHNOLOGY_SPECIFIC_ARTIFACT",
+ "HELM"
],
"consumerGroup": "multicloud-k8s-group",
"environmentName": "AUTO",
#################################################################
global:
nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
persistence: {}
mountSubPath: multicloud-k8s/mongo/data
enabled: true
disableNfsProvisioner: true
+ flavor: &storage_flavor large
+ resources: &storage_resources
+ small:
+ limits:
+ cpu: 100m
+ memory: 300Mi
+ requests:
+ cpu: 10m
+ memory: 75Mi
+ large:
+ limits:
+ cpu: 200m
+ memory: 1Gi
+ requests:
+ cpu: 50m
+ memory: 300Mi
+ unlimited: {}
#etcd chart overrides for k8splugin
etcd:
persistence:
mountSubPath: multicloud-k8s/etcd/data
enabled: true
+ flavor: *storage_flavor
+ resources: *storage_resources
# No persistence right now as we rely on Mongo to handle that
persistence:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
busyboxRepository: registry.hub.docker.com
nodePortPrefix: 302
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
- artifactImage: onap/multicloud/framework-artifactbroker:1.5.1
+ artifactImage: onap/multicloud/framework-artifactbroker:1.6.0
prometheus:
enabled: false
persistence: {}
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/multicloud/framework:1.5.1
+image: onap/multicloud/framework:1.6.0
pullPolicy: Always
#Istio sidecar injection policy
# Copyright © 2018 Orange
# Modifications Copyright © 2018 Amdocs, Bell Canada
+# Modifications Copyright © 2020 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
template:
metadata:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
mariadbGalera: &mariadbGalera
# application image
repository: nexus3.onap.org:10001
-image: onap/externalapi/nbi:6.0.3
+image: onap/externalapi/nbi:7.0.0
pullPolicy: IfNotPresent
sdc_authorization: Basic YWFpOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU=
aai_authorization: Basic QUFJOkFBSQ==
# Copyright © 2019 Amdocs, Bell Canada
+# Copyright (c) 2020 Nordix Foundation, Modifications
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
version: ~6.x-0
repository: '@local'
condition: modeling.enabled
+ - name: a1policymanagement
+ version: ~6.x-0
+ repository: '@local'
+ condition: a1policymanagement.enabled
# any other repository that hosts images for ONAP components.
#repository: nexus3.onap.org:10001
- # readiness check - temporary repo until images migrated to nexus3
- readinessRepository: oomk8s
+ # readiness check
+ readinessImage: onap/oom/readiness:3.0.1
+
# logging agent - temporary repo until images migrated to nexus3
loggingRepository: docker.elastic.co
# Copyright © 2017 Amdocs, Bell Canada
+# Copyright (c) 2020 Nordix Foundation, Modifications
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
sdnc-ansible-server:
readiness:
initialDelaySeconds: 120
- sdnc-portal:
- readiness:
- initialDelaySeconds: 120
ueb-listener:
liveness:
initialDelaySeconds: 60
readiness:
initialDelaySeconds: 120
+a1policymanagement:
+ liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
sdnc-ansible-server:
readiness:
initialDelaySeconds: 120
- sdnc-portal:
- readiness:
- initialDelaySeconds: 120
ueb-listener:
liveness:
initialDelaySeconds: 60
user: docker
password: docker
- # readiness check - temporary repo until images migrated to nexus3
- readinessRepository: oomk8s
+ # readiness check
+ readinessImage: onap/oom/readiness:3.0.1
+
# logging agent - temporary repo until images migrated to nexus3
loggingRepository: docker.elastic.co
# Copyright © 2019 Amdocs, Bell Canada
-#
+# Copyright (c) 2020 Nordix Foundation, Modifications
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
enabled: true
modeling:
enabled: true
+a1policymanagement:
+ enabled: true
\ No newline at end of file
# Copyright © 2019 Amdocs, Bell Canada
+# Copyright (c) 2020 Nordix Foundation, Modifications
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
password: docker
dockerHubRepository: docker.io
- # readiness check - temporary repo until images migrated to nexus3
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.2.2
+ # readiness check
+ readinessImage: onap/oom/readiness:3.0.1
# curl image
curlImage: curlimages/curl:7.69.1
# flag to enable debugging - application support required
debugEnabled: false
+ # default password complexity
+ # available options: phrase, name, pin, basic, short, medium, long, maximum security
+ # More datails: https://masterpassword.app/masterpassword-algorithm.pdf
+ passwordStrength: long
+
+ # configuration to set log level to all components (the one that are using
+ # "common.log.level" to set this)
+ # can be overrided per components by setting logConfiguration.logLevelOverride
+ # to the desired value
+ # logLevel: DEBUG
+
#Global ingress configuration
ingress:
enabled: false
# Client configuration related
caName: "RA"
requestURL: "https://aaf-cert-service:8443/v1/certificate/"
- outputType: "P12"
- requestTimeout: "20000"
+ requestTimeout: "30000"
keystorePath: "/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks"
keystorePassword: "secret"
truststorePath: "/etc/onap/aaf/certservice/certs/truststore.jks"
enabled: false
modeling:
enabled: false
+a1policymanagement:
+ enabled: false
-# Copyright © 2017 Amdocs, AT&T, Bell Canada, VMware
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-make-has:
- cd charts && helm dep up oof-has
- cd charts && helm dep up oof-cmso
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @helm repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
+++ /dev/null
- # -------------------------------------------------------------------------
- # Copyright (c) 2019 AT&T Intellectual Property
- #
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
- #
- # -------------------------------------------------------------------------
- #
-
-aaf_id=oof@oof.onap.org
-aaf_password=demo123456!
-cadi_keyfile=/share/etc/certs/org.onap.oof.keyfile
-cadi_truststore=/share/etc/certs//truststoreONAPall.jks
+++ /dev/null
-dX1X5XcwStbiOmKV2k-px6nukVP3Ucg3mB6Rx3IyAyAQOZx8nU-TBK9kOV635VI5559pLF6z7jGR
-BcBfEgQtiO93vGKsSfkiVjorFz5UDqqXvoW6kFz4yQHBYR8cfFIRQ4L6mitfrs6gsM0d7CBqBz29
-I5lyzeSzmaPmJDP92jw--y3cvGRYYNLGvl3U3IIeCFX9IkDY29OZazaQaihAZx2trjLZKEeuzLN1
-6JQGbKEqCCRzZ46TXnH1DKRPxxV2aNzb_3I8402XUmlGBPf0Ucyj2wlBWrSApVVaxKKIEgIjf7vs
-x2fEMD-ye--2MkalDZ6Tm_x75GFKiia7Uc2fBBb4xHGZZEmKTh4php1Gu3v1bVY8hjXXVTpF-WXm
-cm9T4uczm_CgnKE4PtqLnYQg87LI8ONbWIE5jkgu1D4lhWkzO8nMrQlnFT0HlB-CRGu_xRsIWvnc
-bTA8K4iKJMHm7IhRfrBFNRBSq8AH_9LoUfTQ62C-Nt8g6Wu7ox6fO_dus1S9H9ndNzos31IVrn1h
-5QHxuBCUORISWjGoEQSM6spz3pyvbNMgKpkkg2izwXzDwc3RbqOgiSY8WtpKXuWceU-Ltl_npFpO
-O1suykGF6fnuql87ERJ7mcEiNd8L2_GuxTr-0YbbWgCK2IBDyfNc6ayTcjN0huoF72umE0ODQ0aK
-0HUAWAV4W6cWXEj7iOpMx1jkDURbWEdPetlz-LZKv7aN3s65Cl4Nib7ltWrs9ilP5J-KUKTkUPpM
-poBWXVZf4IjNx3H2KFzdLeGSXO3kG46tQDeeloFuY2yk1FWeyS9xLS60H2komdIW6qRVVBzeJHRN
-7dYMK5AhAgOghhe5XBhH1yHVdjLJuOMXPRrXe8dTyNU6fD1rHuvGukwSLW9lXsQkJBENfsIxY-At
--j6Gm54G_Dz5k7tu7ThpCREVxNoBDMOBC_RemS0P-pqHSEpxEc0OjLQbVSPBQRa3eaRiqLMz_dop
-FGJt56UE73Qn0HWQw16lSdKSDtuSlByEwbQ8fRFN6e2f6DCHwW81kPpfJBcoPgO4RcoazNfbLXGI
-c3q9SSpOy6r33lPT8ZigURWiNqgO2NgWswAhaN1lllbXooQxhmTnokTxi8lbQ45ZMI0n5TKFJVAB
-TtEpi4VESECsda-Rlt2w-SE9QMSSxbdYcoMutupHoj2EuRcEDAW9ghLcfBqBkGapS_Vk-E7VYBqT
-mCzuKx5WdvNj9RFCIHq7U6axpddRd7XGgKhQwyLo075DLlpULcXjHegh2Dv_U-CgwMc7J4NfCNYL
-atLIkKAhxiaHt7nkhSVKsJK89-7_NQd-OubYnUNMREoEBJautCFfyiL5fooEb2Vdu1S-27fAYk3f
-9Zv4j_lwldSGBkNZg8vKGsSLgl9acdXld_zyUI9iGe-cj5eibI7LLpaxRL9UyBJWvElyDdTQvTZL
-DdpWmy3QF9GUGx0AwZixPixXdIHmmu2yOu1kFqNAjHqfVfoyNETlGrQRM5IPQ6RmBhWC3Iv5mSNA
-FZ0J95bvy9_HS718wAhlEiw4B6FGnTR8KZozfOtr2ihh8QybBgvvJrs-68RIB56gWyavbn-aAnXi
-zTI1YYCVzBDVv4XPzqK4itVl5gPb3KCHPUSlrVhkPLXAUix3b4-nu4pk8veAE1CYZCIy_GqPNUOT
-LqLl4-WMHodF7SLNzvPSqgolCC1TjnuO1ysOHlK86W7nZPyrpnideiLbGs6G51cG0pIcDIyWNm6d
-9TXQTiRx87cZxRxEEFz57ftjqy3qhg_sw2ziFWOeItEO6OaOgwfH2OtMToeBWiJepyfG1eB4n7jH
-OsTQLSvCt2gHI1zXyCtYBZKeZI2dxO6cOdh5ljIuS0rABHe1BP2ZkKmJIXoEPFstJlAz4GPaghL4
-8rCndhdyoW7CayzBAAe5balYq63qjqUD_eOIp-pHcEe0Mfbmzu4CDSK8-40Qia6ApskFsRCkzu1V
-Pf1fH6-3rvQZFqt6irr_7HWUFhGRcXw9kBOy8h24nTawv-L6eydW5iX0pwRMz_QfHo_Krm6O
\ No newline at end of file
+++ /dev/null
- # -------------------------------------------------------------------------
- # Copyright (c) 2019 AT&T Intellectual Property
- #
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
- #
- # -------------------------------------------------------------------------
- #
-
-cadi_latitude=0.00
-cadi_longitude=0.00
+++ /dev/null
- # -------------------------------------------------------------------------
- # Copyright (c) 2019 AT&T Intellectual Property
- #
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
- #
- # -------------------------------------------------------------------------
- #
-
-aaf_id=oof@oof.onap.org
-aaf_locate_url=https://aaf-locate:8095
-aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.1
-cadi_etc_dir=/share/etc/certs/
-cadi_latitude=0.00
-cadi_longitude=0.00
-cadi_prop_files=/share/etc/certs/org.onap.oof.location.props:/share/etc/certs/org.onap.oof.cred.props
-cm_url=https://AAF_LOCATE_URL/AAF_NS.cm:2.1
+++ /dev/null
-# Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: cmso-db-root-password
- name: '{{ include "common.release" . }}-cmso-db-root-password'
- type: password
- password: ''
- policy: generate
- - uid: cmso-db-secret
- name: '{{ include "common.release" . }}-cmso-db-secret'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
- login: '{{ .Values.config.db.userName }}'
- password: '{{ .Values.config.db.userPassword }}'
- passwordPolicy: generate
-
-mariadb-galera:
- replicaCount: 1
- nameOverride: cmso-db
- service:
- type: ClusterIP
- name: oof-cmso-dbhost
- portName: cmso-dbhost
- nfsprovisionerPrefix: cmso
- sdnctlPrefix: cmso
- persistence:
- mountSubPath: cmso/data
- enabled: true
- disableNfsProvisioner: true
- config:
- mariadbRootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password'
- userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret'
- mysqlDatabase: cmso
- externalConfig: |
- [mysqld]
- lower_case_table_names = 1
-
-global:
- commonConfigPrefix: "oof-cmso"
- truststoreFile: "truststoreONAPall.jks"
- keystoreFile: "org.onap.oof.jks"
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- keystorePassword: OA7*y0PEGTma?$be2z#0$:L]
- truststorePassword:
- authentication: aaf-auth
- busyBoxImage: busybox:1.30
- busyBoxRepository: docker.io
-
-flavor: small
-
-config:
- log:
- logstashServiceName: log-ls
- logstashPort: 5044
- db:
- # userCredentialsExternalsecret: some secret
- userName: cmso-admin
- # userPassword: password
-
-oof-cmso-service:
- config:
- db:
- userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret'
- rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password'
- host: oof-cmso-dbhost
- container: cmso-db
- mysqlDatabase: cmso
-
-oof-cmso-optimizer:
- config:
- db:
- userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret'
- rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password'
- host: oof-cmso-dbhost
- container: cmso-db
- mysqlDatabase: optimizer
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIFEDCCA/igAwIBAgIILW/fiLbps5cwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE
-BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp
-bnRlcm1lZGlhdGVDQV85MB4XDTIwMDQwNDE4NDMxNloXDTIxMDQwNDE4NDMxNlow
-XjERMA8GA1UEAwwIb29mLm9uYXAxHTAbBgNVBAsMFG9vZkBvb2Yub25hcC5vcmc6
-REVWMQ4wDAYDVQQLDAVPU0FBRjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv9ebvHIAgYYtJZDvxwDLR
-UlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+CLYpRbLQ
-IlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8MS2XrnxB
-HpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCKGUfEjKb+
-LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaHKfVxm1ZH
-hvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2guGQUGsib
-AgMBAAGjggHnMIIB4zAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIF4DAgBgNVHSUB
-Af8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0jBE0wS4AUgfeZWxC5yIze
-81Je6k5poEM+rN2hMKQuMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQ
-MQswCQYDVQQGEwJVU4IBBzAdBgNVHQ4EFgQUkjCndmbyBIsg2xtiFYgeONQa8Ysw
-ggEtBgNVHREEggEkMIIBIIEfbWFyay5kLm1hbmFnZXJAcGVvcGxlLm9zYWFmLmNv
-bYIIb29mLm9uYXCCCWNtc28tb25hcIIcY21zby5hcGkuc2ltcGxlZGVtby5vbmFw
-Lm9yZ4IJY21zby5vbmFwgghvb2YtY21zb4ISb29mLWNtc28tb3B0aW1pemVyghJv
-b2YtY21zby10aWNrZXRtZ3SCEW9vZi1jbXNvLXRvcG9sb2d5ggtvb2YtaGFzLWFw
-aYIQb29mLWhhcy1hcGkub25hcIIIb29mLW9uYXCCCm9vZi1vcHRlbmeCD29vZi1v
-cHRlbmcub25hcIIIb29mLW9zZGaCDW9vZi1vc2RmLm9uYXCCG29vZi5hcGkuc2lt
-cGxlZGVtby5vbmFwLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAHoAD6tRvFPAtUfkU
-FsTO2p7lftMld0CzeAWfEln9vBXwr0ZGdNTP2TWJAcenIE1cwJavyQuDc3sZ4Z20
-/pOz1/oic9gnlVFe46/KRcwVUVXBU1EJlXB2UPU/v4MNrkWUcgqzEcxfKmBWl/My
-7OlQFc7zAeqZw6XtnaLzMipaXg98M7sWnfS4t116wfwmHIkP2RY7dAp1XAbzOW+X
-koFvfuj6MljxEzy8oc90SxhQHWNhWH73FxW0MuP+qf6x5PRciXIq6NJOrkG91Z0L
-mksGtWU58Y7uP9DzcxaOB4cv3UpK4rx//IUnAN4/aDxLq566A5qj21ftMhHlCFg5
-GsHFjQ==
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB
-RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN
-MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG
-A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL
-neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d
-o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3
-nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV
-v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO
-15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw
-gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV
-M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/
-BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B
-AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q
-ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl
-u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+
-+pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/
-QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht
-8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX
-kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3
-aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky
-uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w
-tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep
-BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
-BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
-NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
-DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
-XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
-H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
-pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
-NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
-2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
-wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
-ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
-P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
-aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
-PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
-A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
-UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
-BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
-L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
-7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
-c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
-jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
-RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
-PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
-CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
-Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
-cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
-ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
-dYY=
------END CERTIFICATE-----
-
-
+++ /dev/null
------BEGIN PRIVATE KEY-----
-MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCv9ebvHIAgYYtJ
-ZDvxwDLRUlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+
-CLYpRbLQIlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8
-MS2XrnxBHpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCK
-GUfEjKb+LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaH
-KfVxm1ZHhvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2g
-uGQUGsibAgMBAAECggEAZFnZWoTmjZET3sdLaJQ0ZyyKwuFnURqyO5m6YuWTaj4Q
-MFLBRJplneAQmOEGcdo5PsKcHDYM5185D6foO6GEWS86Dgqqm3TjAX0kUeRZY63V
-SpyBCWWsaH+vOKeL/T5UAF5PZky6kDFGlo11cwwP0ROdcuxflkck0DopoG7vMQE0
-XvOWDn9z7WLu6hph7RnweW5Wou3VG2WSlE8i7gngAExxRFs2RxUr3UHooUX0pLOY
-Qk/ofsWB6AhMD02BAIgKEWZK33+uTHUchbm3zA1sAx8vXoA5G9uSh/E+YnXbt3D0
-0wrHIJy+BW3f4WfGc7tE3HpsnLsnUwBV48DvG/zAAQKBgQD4HshYjEkT4WAVnzbe
-FaivRh67sFqHvkpSA4gmNdot1Q4MeZ1I5u2lKBntbxyk72m/zA/7qw2h1PT2r430
-XA2/cV+YHCiTbPqfm0Lj+w0ht+RmF3VQB1uHWjsVvybPIeuwVLZ3hgu2Tl2oDCKd
-8bKLpvj4fwZRxbp3G5VjuQztiwKBgQC1jHYVaUHkekshHG0HFPBKAEU8urSeKzoD
-Y7SyrDLQwx3rqhY3v0VZntjnT47JEThECunl5Aun0YJyMs12Ex0zI7ciC9WIgbHx
-Qhs/46uhKPuiEHzBsET6CX7wDBJMBIN6HrNMsSdCTmWZu6LGJSlHasEXnmKsTngF
-nYdBeQATMQKBgGMvOvtaqOPPli9OhApnMhVOvH5e0vGsed0rGEPeByeHIaSPAPbh
-iWIaE7M8VYEBS46mLkV2bW6hyILMTry+B6jd007lArtcNxuSXzzvYKJ39k9xVS32
-ovoKcdARp5vpfWPxmTdSWGA6F2pT34qv0aXNy3zamlYZ6p4uYpuIn8hdAoGAKL5h
-MeTxeMlJWyD6BwDX/IObBkoQhv7EgkY6I28p6FghuuXtHo26jqZrn13neZB3xC1+
-2K0ZQIxwbhigq8MWZoe5bdaiEYSp3q8rVmdN+VktP+3bUcyxbjv7VPwgjxbkOt/w
-9WE8olDd1Gab3UQxw2ld9GMDWhAyN3BnDnaNYcECgYBFyc/maooUp2x1SEh3UisY
-vkpzYvUyHGiq2/gwm1htz8HQO75RuNY/YtxN1m9jrMArPBy6OgQ/Wk3Zi6S8HqYY
-ENTUUsIVr33nJT3rOWWJ2qdAmo6kAWt/J3LPNV01MWZ2cU4DcEDF1ZVkGFVgI0ZC
-h+G1ZXD4PyjI6KWhRC3JuA==
------END PRIVATE KEY-----
\ No newline at end of file
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @helm repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @helm repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @helm repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
# Copyright (c) 2019 AT&T Intellectual Property.
# =======================================================================
# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain a
+# not use this file except in compliance with the License. You may obtain a
# copy of the License at
-#
+#
# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
-# or implied. See the License for the specific language governing
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+# or implied. See the License for the specific language governing
# permissions and limitations under the License.
# ============LICENSE_END=================================================
-#
+#
#-------------------------------------------------------------------------------
cadi_loglevel=DEBUG
-cadi_prop_files=/share/etc/certs/org.onap.oof.props
+cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props
aaf.namespace=org.onap.oof
cadi_loglevel=DEBUG
-cadi_prop_files=/share/etc/certs/org.onap.oof.props
+cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props
aaf.user.roles=/share/etc/certs/AAFUserRoles.properties
\ No newline at end of file
# Copyright © 2018 AT&T
+# Copyright (C) 2020 Wipro Limited.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
template:
metadata:
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ .Values.config.db.container }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ - name: {{ include "common.name" . }}-db-config-readiness
+ command:
+ - /app/ready.py
+ args:
+ - -j
+ - "{{ include "common.release" . }}-cmso-db-config-config-job"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-chown
command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"]
image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
- name: DB_PORT
value: {{ .Values.config.db.port | quote}}
- name: DB_USERNAME
- value: {{ .Values.config.db.root }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
- name: DB_SCHEMA
value: {{ .Values.config.db.mysqlDatabase }}
- name: DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
terminationMessagePolicy: File
volumeMounts:
- name: {{ include "common.fullname" . }}-config
mountPath: /share/etc/config
- name: {{ include "common.fullname" . }}-logs
mountPath: /share/logs
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- name: DB_PORT
value: {{ .Values.config.db.port | quote}}
- name: DB_USERNAME
- value: {{ .Values.config.db.root }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
- name: DB_SCHEMA
value: {{ .Values.config.db.mysqlDatabase }}
- name: DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
- name: JAVA_TRUSTSTORE
- value: /share/etc/certs/{{ .Values.global.truststoreFile }}
+ value: /share/etc/osaaf/local/{{ .Values.global.truststoreFile }}
- name: SSL_KEYSTORE
- value: /share/etc/certs/{{ .Values.global.keystoreFile }}
+ value: /share/etc/osaaf/local/{{ .Values.global.keystoreFile }}
- name: JAVA_TRUSTSTORE_PASSWORD
value: {{ .Values.global.truststorePassword }}
- - name: SSL_KEYSTORE_PASSWORD
- value: {{ .Values.global.keystorePassword }}
- name: AUTHENTICATION
value: {{ .Values.global.authentication }}
+ command:
+ - /bin/sh
+ args:
+ - "-c"
+ - |
+ export SSL_KEYSTORE_PASSWORD=$(cat /share/etc/osaaf/local/.pass)
+ ./startService.sh
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 8 }}
- name: {{ include "common.fullname" . }}-logs
mountPath: /share/logs
- name: {{ include "common.fullname" . }}-logs
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
volumes:
+ {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}
# Copyright © 2019 AT&T
+# Copyright (C) 2020 Wipro Limited.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
global: # global defaults
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
subChartsOnly:
enabled: true
# Secrets metaconfig
#################################################################
secrets:
- - uid: cmso-db-root-password
- type: password
- password: '{{ .Values.config.db.rootPassword }}'
- externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
- policy: required
- uid: cmso-db-user-secret
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
config:
db:
port: 3306
- root: root
# rootPassword: pass
# rootPasswordExternalSecret: some secret
-# user: cmso-admin
-# password: pass
+ user: cmso-admin
+ password: pass
# userCredentialsExternalSecret: some-secret
# host: host
# container: container
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
# Copyright (c) 2019 AT&T Intellectual Property.
# =======================================================================
# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain a
+# not use this file except in compliance with the License. You may obtain a
# copy of the License at
-#
+#
# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
-# or implied. See the License for the specific language governing
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+# or implied. See the License for the specific language governing
# permissions and limitations under the License.
# ============LICENSE_END=================================================
-#
+#
#-------------------------------------------------------------------------------
cadi_loglevel=DEBUG
-cadi_prop_files=/share/etc/certs/org.onap.oof.props
+cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props
aaf.namespace=org.onap.oof
cadi_loglevel=DEBUG
-cadi_prop_files=/share/etc/certs/org.onap.oof.props
+cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props
aaf.user.roles=/share/etc/certs/AAFUserRoles.properties
# Copyright (c) 2018 AT&T
+# Copyright (C) 2020 Wipro Limited.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
template:
metadata:
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ .Values.config.db.container }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ - name: {{ include "common.name" . }}-db-config-readiness
+ command:
+ - /app/ready.py
+ args:
+ - -j
+ - "{{ include "common.release" . }}-cmso-db-config-config-job"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-chown
command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"]
image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
- name: DB_PORT
value: {{ .Values.config.db.port | quote}}
- name: DB_USERNAME
- value: {{ .Values.config.db.root }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
- name: DB_SCHEMA
value: {{ .Values.config.db.mysqlDatabase }}
- name: DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
terminationMessagePolicy: File
volumeMounts:
- name: {{ include "common.fullname" . }}-config
mountPath: /share/etc/config
- name: {{ include "common.fullname" . }}-logs
mountPath: /share/logs
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
# side car containers
- name: filebeat-onap
- name: DB_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
- name: JAVA_TRUSTSTORE
- value: /share/etc/certs/{{ .Values.global.truststoreFile }}
+ value: /share/etc/osaaf/local/{{ .Values.global.truststoreFile }}
- name: SSL_KEYSTORE
- value: /share/etc/certs/{{ .Values.global.keystoreFile }}
+ value: /share/etc/osaaf/local/{{ .Values.global.keystoreFile }}
- name: JAVA_TRUSTSTORE_PASSWORD
value: {{ .Values.global.truststorePassword }}
- - name: SSL_KEYSTORE_PASSWORD
- value: {{ .Values.global.keystorePassword }}
- name: AUTHENTICATION
value: {{ .Values.global.authentication }}
+ command:
+ - /bin/sh
+ args:
+ - "-c"
+ - |
+ export SSL_KEYSTORE_PASSWORD=$(cat /share/etc/osaaf/local/.pass)
+ ./startService.sh
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 8 }}
- name: {{ include "common.fullname" . }}-logs
mountPath: /share/logs
- name: {{ include "common.fullname" . }}-logs
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
volumes:
+ {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}
# Copyright © 2018-2019 AT&T
+# Copyright (C) 2020 Wipro Limited.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
global: # global defaults
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
subChartsOnly:
enabled: true
# Secrets metaconfig
#################################################################
secrets:
- - uid: cmso-db-root-password
- type: password
- password: '{{ .Values.config.db.rootPassword }}'
- externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
- policy: required
- uid: cmso-db-user-secret
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
config:
db:
port: 3306
- root: root
# rootPassword: pass
# rootPasswordExternalSecret: some secret
-# user: cmso-admin
-# password: pass
+ user: cmso-admin
+ password: pass
# userCredentialsExternalSecret: some-secret
# host: host
# container: container
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
# Copyright (c) 2019 AT&T Intellectual Property.
# =======================================================================
# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain a
+# not use this file except in compliance with the License. You may obtain a
# copy of the License at
-#
+#
# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
-# or implied. See the License for the specific language governing
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+# or implied. See the License for the specific language governing
# permissions and limitations under the License.
# ============LICENSE_END=================================================
-#
+#
#-------------------------------------------------------------------------------
cadi_loglevel=DEBUG
-cadi_prop_files=/share/etc/certs/org.onap.oof.props
+cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props
#-------------------------------------------------------------------------------
# Copyright © 2017-2019 AT&T Intellectual Property.
# Modifications Copyright © 2018 IBM.
-#
+#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
-#
+#
# http://www.apache.org/licenses/LICENSE-2.0
-#
+#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-#
-#
+#
+#
# Unless otherwise specified, all documentation contained herein is licensed
# under the Creative Commons License, Attribution 4.0 Intl. (the â??Licenseâ?\9d);
# you may not use this documentation except in compliance with the License.
# You may obtain a copy of the License at
-#
+#
# https://creativecommons.org/licenses/by/4.0/
-#
+#
# Unless required by applicable law or agreed to in writing, documentation
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# limitations under the License.
#-------------------------------------------------------------------------------
cadi_loglevel=DEBUG
-cadi_prop_files=/share/etc/certs/org.onap.oof.props
+cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props
aaf.user.roles=/share/etc/certs/AAFUserRoles.properties
aaf.urls=https://aaf-locate:8095
aaf.user.role.properties=/share/etc/certs/AAFUserRoles.properties
aaf.enabled=true
-aaf.namespace=org.onap.oof
\ No newline at end of file
+aaf.namespace=org.onap.oof
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
template:
metadata:
volumeMounts:
- name: {{ include "common.fullname" . }}-logs
mountPath: /share/logs
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: JAVA_TRUSTSTORE
- value: /share/etc/certs/{{ .Values.global.truststoreFile }}
+ value: /share/etc/osaaf/local/{{ .Values.global.truststoreFile }}
- name: SSL_KEYSTORE
- value: /share/etc/certs/{{ .Values.global.keystoreFile }}
+ value: /share/etc/osaaf/local/{{ .Values.global.keystoreFile }}
- name: JAVA_TRUSTSTORE_PASSWORD
value: {{ .Values.global.truststorePassword }}
- - name: SSL_KEYSTORE_PASSWORD
- value: {{ .Values.global.keystorePassword }}
- name: AUTHENTICATION
value: proprietary-auth
+ command:
+ - /bin/sh
+ args:
+ - "-c"
+ - |
+ export SSL_KEYSTORE_PASSWORD=$(cat /share/etc/osaaf/local/.pass)
+ ./startService.sh
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 8 }}
- name: {{ include "common.fullname" . }}-logs
mountPath: /share/logs
- name: {{ include "common.fullname" . }}-logs
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
volumes:
+ {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}
#################################################################
global: # global defaults
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
authentication: proprietary-auth
subChartsOnly:
enabled: true
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
# Copyright (c) 2019 AT&T Intellectual Property.
# =======================================================================
# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain a
+# not use this file except in compliance with the License. You may obtain a
# copy of the License at
-#
+#
# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
-# or implied. See the License for the specific language governing
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+# or implied. See the License for the specific language governing
# permissions and limitations under the License.
# ============LICENSE_END=================================================
-#
+#
#-------------------------------------------------------------------------------
cadi_loglevel=DEBUG
-cadi_prop_files=/share/etc/certs/org.onap.oof.props
+cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props
#-------------------------------------------------------------------------------
# Copyright © 2017-2019 AT&T Intellectual Property.
# Modifications Copyright © 2018 IBM.
-#
+#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
-#
+#
# http://www.apache.org/licenses/LICENSE-2.0
-#
+#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-#
-#
+#
+#
# Unless otherwise specified, all documentation contained herein is licensed
# under the Creative Commons License, Attribution 4.0 Intl. (the â??Licenseâ?\9d);
# you may not use this documentation except in compliance with the License.
# You may obtain a copy of the License at
-#
+#
# https://creativecommons.org/licenses/by/4.0/
-#
+#
# Unless required by applicable law or agreed to in writing, documentation
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# limitations under the License.
#-------------------------------------------------------------------------------
cadi_loglevel=DEBUG
-cadi_prop_files=/share/etc/certs/org.onap.oof.props
+cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props
aaf.user.roles=/share/etc/certs/AAFUserRoles.properties
aaf.urls=https://aaf-locate:8095
aaf.user.role.properties=/share/etc/certs/AAFUserRoles.properties
aaf.enabled=true
-aaf.namespace=org.onap.oof
\ No newline at end of file
+aaf.namespace=org.onap.oof
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
template:
metadata:
volumeMounts:
- name: {{ include "common.fullname" . }}-logs
mountPath: /share/logs
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: JAVA_TRUSTSTORE
- value: /share/etc/certs/{{ .Values.global.truststoreFile }}
+ value: /share/etc/osaaf/local/{{ .Values.global.truststoreFile }}
- name: SSL_KEYSTORE
- value: /share/etc/certs/{{ .Values.global.keystoreFile }}
+ value: /share/etc/osaaf/local/{{ .Values.global.keystoreFile }}
- name: JAVA_TRUSTSTORE_PASSWORD
value: {{ .Values.global.truststorePassword }}
- - name: SSL_KEYSTORE_PASSWORD
- value: {{ .Values.global.keystorePassword }}
- name: AUTHENTICATION
value: {{ .Values.global.authentication }}
+ command:
+ - /bin/sh
+ args:
+ - "-c"
+ - |
+ export SSL_KEYSTORE_PASSWORD=$(cat /share/etc/osaaf/local/.pass)
+ ./startService.sh
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 8 }}
- name: {{ include "common.fullname" . }}-logs
mountPath: /share/logs
- name: {{ include "common.fullname" . }}-logs
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
volumes:
+ {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}
#################################################################
global: # global defaults
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
subChartsOnly:
enabled: true
# Copyright © 2018 AT&T
+# Copyright (C) 2020 Wipro Limited.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: mariadb-galera
version: ~6.x-0
repository: '@local'
+ - name: mariadb-init
+ version: ~6.x-0
+ repository: '@local'
+ - name: oof-cmso-optimizer
+ version: ~6.x-0
+ repository: 'file://components/oof-cmso-optimizer'
+ condition: oof-cmso-optimizer.enabled
+ - name: oof-cmso-service
+ version: ~6.x-0
+ repository: 'file://components/oof-cmso-service'
+ condition: oof-cmso-service.enabled
+ - name: oof-cmso-ticketmgt
+ version: ~6.x-0
+ repository: 'file://components/oof-cmso-ticketmgt'
+ condition: oof-cmso-ticketmgt.enabled
+ - name: oof-cmso-topology
+ version: ~6.x-0
+ repository: 'file://components/oof-cmso-topology'
+ condition: oof-cmso-topology.enabled
--- /dev/null
+# Copyright © 2018 AT&T
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: cmso-db-root-password
+ name: &rootPassword '{{ include "common.release" . }}-cmso-db-root-password'
+ type: password
+ password: ''
+ policy: generate
+ - uid: cmso-service-db-secret
+ name: &serviceDbCreds '{{ include "common.release" . }}-cmso-service-db-secret'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.db.service.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.service.userName }}'
+ password: '{{ .Values.config.db.service.userPassword }}'
+ passwordPolicy: generate
+ - uid: cmso-db-secret
+ name: &optimizerDbCreds '{{ include "common.release" . }}-cmso-optimizer-db-secret'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.db.optimizer.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.optimizer.userName }}'
+ password: '{{ .Values.config.db.optimizer.userPassword }}'
+ passwordPolicy: generate
+
+mariadb-galera:
+ replicaCount: 1
+ nameOverride: &containerName cmso-db
+ service:
+ type: ClusterIP
+ name: &serviceName oof-cmso-dbhost
+ portName: cmso-dbhost
+ nfsprovisionerPrefix: cmso
+ sdnctlPrefix: cmso
+ persistence:
+ mountSubPath: cmso/data
+ enabled: true
+ disableNfsProvisioner: true
+ config:
+ mariadbRootPasswordExternalSecret: *rootPassword
+ # userCredentialsExternalSecret: *dbCreds
+ # mysqlDatabase: cmso
+ externalConfig: |
+ [mysqld]
+ lower_case_table_names = 1
+
+global:
+ commonConfigPrefix: "oof-cmso"
+ truststoreFile: "truststoreONAPall.jks"
+ keystoreFile: "org.onap.oof.jks"
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+ truststorePassword:
+ authentication: aaf-auth
+ busyBoxImage: busybox:1.30
+ busyBoxRepository: docker.io
+
+mariadb-init:
+ mariadbGalera:
+ containerName: *containerName
+ serviceName: *serviceName
+ servicePort: 3306
+ userRootSecret: *rootPassword
+ config:
+ userCredentialsExternalSecret: *serviceDbCreds
+ mysqlDatabase: cmso
+ mysqlAdditionalDatabases:
+ optimizer:
+ externalSecret: *optimizerDbCreds
+ nameOverride: cmso-db-config
+
+flavor: small
+
+config:
+ log:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+ db:
+ service:
+ # userCredentialsExternalsecret: some secret
+ userName: cmso-admin
+ # userPassword: password
+ optimizer:
+ userName: cmso-optimizer
+
+#sub-charts configuration
+certInitializer: &certInitConfig
+ fqdn: "oof.onap"
+ app_ns: "org.osaaf.aaf"
+ fqi: "oof@oof.onap.org"
+ fqi_namespace: org.onap.oof
+ public_fqdn: "oof.onap.org"
+ aafDeployFqi: "deployer@people.osaaf.org"
+ aafDeployPass: demo123456!
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ appMountPath: /share/etc/osaaf
+ aaf_add_config: >
+ cd {{ .Values.credsPath }};
+ /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password_jks= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1;
+ find ./ -type f -exec sed -i -e 's/\/opt\/app\/osaaf\/local/\/share\/etc\/osaaf\/local/g' {} \;
+
+oof-cmso-service:
+ enabled: true
+ certInitializer:
+ << : *certInitConfig
+ nameOverride: oof-cmso-service-cert-initializer
+ config:
+ db:
+ userCredentialsExternalSecret: *serviceDbCreds
+ host: oof-cmso-dbhost
+ container: cmso-db
+ mysqlDatabase: cmso
+
+oof-cmso-optimizer:
+ enabled: true
+ certInitializer:
+ << : *certInitConfig
+ nameOverride: oof-cmso-optimizer-cert-initializer
+ config:
+ enabled: true
+ db:
+ userCredentialsExternalSecret: *optimizerDbCreds
+ host: oof-cmso-dbhost
+ container: cmso-db
+ mysqlDatabase: optimizer
+
+oof-cmso-topology:
+ enabled: true
+ certInitializer:
+ << : *certInitConfig
+ nameOverride: oof-cmso-topology-cert-initializer
+
+oof-cmso-ticketmgt:
+ enabled: true
+ certInitializer:
+ << : *certInitConfig
+ nameOverride: oof-cmso-ticketmgt-cert-initializer
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @helm repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @helm repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
template:
metadata:
initContainers:
- name: {{ include "common.name" . }}-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- oof-has-controller
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-onboard-readiness
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- -j
- "{{ include "common.release" . }}-oof-has-onboard"
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-has-sms-readiness
fieldPath: metadata.namespace
image: "{{ .Values.global.dockerHubRepository }}/{{ .Values.global.curlImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /opt/bitnami/nginx/conf/nginx.conf
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: nginx.conf
- - mountPath: /opt/bitnami/nginx/ssl/org.onap.oof.crt
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: org.onap.oof.crt
- - mountPath: /opt/bitnami/nginx/ssl/org.onap.oof.key
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: org.onap.oof.key
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
volumes:
+ {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
path: log.conf
- key: AAF_RootCA.cer
path: AAF_RootCA.cer
- - key: org.onap.oof.key
- path: org.onap.oof.key
- - key: org.onap.oof.crt
- path: org.onap.oof.crt
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
global: # global defaults
nodePortPrefix: 302
+ image:
+ optf_has: onap/optf-has:2.0.4
service:
type: NodePort
initialDelaySeconds: 10
periodSeconds: 10
+#sub-charts configuration
+certInitializer:
+ nameOverride: oof-has-cert-initializer
+ fqdn: "oof.onap"
+ app_ns: "org.osaaf.aaf"
+ fqi: "oof@oof.onap.org"
+ fqi_namespace: org.onap.oof
+ public_fqdn: "oof.onap.org"
+ aafDeployFqi: "deployer@people.osaaf.org"
+ aafDeployPass: demo123456!
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ appMountPath: /opt/bitnami/nginx/ssl
+ aaf_add_config: >
+ chmod 444 {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key;
+
ingress:
enabled: false
-# Copyright © 2020 Samsung Electronics
+# Copyright (C) 2020 Wipro Limited.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
template:
metadata:
initContainers:
- name: {{ include "common.name" . }}-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- music-springboot
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-onboard-readiness
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- -j
- "{{ include "common.release" . }}-oof-has-onboard"
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-cont-sms-readiness
# See the License for the specific language governing permissions and
# limitations under the License.
+global:
+ readinessImage: onap/oom/readiness:3.0.1
+ repository: nexus3.onap.org:10001
+ image:
+ optf_has: onap/optf-has:2.0.4
+
ingress:
enabled: false
replicaCount: 1
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
+# Copyright (C) 2020 Wipro Limited.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
template:
metadata:
initContainers:
- name: {{ include "common.name" . }}-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- music-springboot
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-onboard-readiness
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- -j
- "{{ include "common.release" . }}-oof-has-onboard"
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-health-readiness
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- -j
- "{{ include "common.release" . }}-oof-has-healthcheck"
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-data-sms-readiness
# See the License for the specific language governing permissions and
# limitations under the License.
+global:
+ readinessImage: onap/oom/readiness:3.0.1
+ repository: nexus3.onap.org:10001
+ image:
+ optf_has: onap/optf-has:2.0.4
+
ingress:
enabled: false
replicaCount: 1
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
template:
metadata:
initContainers:
- name: {{ include "common.name" . }}-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- music-springboot
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-onboard-readiness
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- -j
- "{{ include "common.release" . }}-oof-has-onboard"
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-health-readiness
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- -j
- "{{ include "common.release" . }}-oof-has-healthcheck"
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-resrv-sms-readiness
# See the License for the specific language governing permissions and
# limitations under the License.
+global:
+ readinessImage: onap/oom/readiness:3.0.1
+ repository: nexus3.onap.org:10001
+ image:
+ optf_has: onap/optf-has:2.0.4
+
ingress:
enabled: false
replicaCount: 1
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
template:
metadata:
initContainers:
- name: {{ include "common.name" . }}-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- music-springboot
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-onboard-readiness
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- -j
- "{{ include "common.release" . }}-oof-has-onboard"
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-health-readiness
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- -j
- "{{ include "common.release" . }}-oof-has-healthcheck"
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-solvr-sms-readiness
# See the License for the specific language governing permissions and
# limitations under the License.
+global:
+ readinessImage: onap/oom/readiness:3.0.1
+ repository: nexus3.onap.org:10001
+ image:
+ optf_has: onap/optf-has:2.0.4
+
ingress:
enabled: false
replicaCount: 1
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T,VMware
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: music
+ version: ~6.x-0
+ repository: '@local'
+ - name: oof-has-api
+ version: ~6.x-0
+ repository: 'file://components/oof-has-api'
+ condition: oof-has-api.enabled
+ - name: oof-has-controller
+ version: ~6.x-0
+ repository: 'file://components/oof-has-controller'
+ condition: oof-has-controller.enabled
+ - name: oof-has-data
+ version: ~6.x-0
+ repository: 'file://components/oof-has-data'
+ condition: oof-has-data.enabled
+ - name: oof-has-reservation
+ version: ~6.x-0
+ repository: 'file://components/oof-has-reservation'
+ condition: oof-has-reservation.enabled
+ - name: oof-has-solver
+ version: ~6.x-0
+ repository: 'file://components/oof-has-solver'
+ condition: oof-has-solver.enabled
listen 8091 ssl;
server_name oof;
- ssl_certificate /opt/bitnami/nginx/ssl/org.onap.oof.crt;
- ssl_certificate_key /opt/bitnami/nginx/ssl/org.onap.oof.key;
+ ssl_certificate /opt/bitnami/nginx/ssl/local/org.onap.oof.crt;
+ ssl_certificate_key /opt/bitnami/nginx/ssl/local/org.onap.oof.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
release: {{ include "common.release" . }}
spec:
initContainers:
- - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- oof-has-api
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: healthcheck.json
resources:
-{{ toYaml .Values.resources | indent 10 }}
+{{ include "common.resources" . | indent 10 }}
nodeSelector:
{{- if .Values.nodeSelector }}
{{ toYaml .Values.nodeSelector | indent 8 }}
release: {{ include "common.release" . }}
spec:
initContainers:
- - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- "music-springboot"
apiVersion: v1
fieldPath: metadata.namespace
- command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- -j
- "{{ include "common.release" . }}-music-cassandra-job-config"
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-music-db-readiness
containers:
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: onboard.json
resources:
-{{ toYaml .Values.resources | indent 10 }}
+{{ include "common.resources" . | indent 10 }}
nodeSelector:
{{- if .Values.nodeSelector }}
{{ toYaml .Values.nodeSelector | indent 8 }}
# Global configuration defaults.
#################################################################
global:
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
repository: nexus3.onap.org:10001
commonConfigPrefix: onap-oof-has
image:
- readiness: oomk8s/readiness-check:2.0.0
optf_has: onap/optf-has:2.0.4
filebeat: docker.elastic.co/beats/filebeat:5.5.0
+ persistence:
+ enabled: true
pullPolicy: Always
nodePortPrefix: 302
cpu: 1000m
unlimited: {}
+#component overrides
+oof-has-api:
+ enabled: true
+oof-has-controller:
+ enabled: true
+oof-has-data:
+ enabled: true
+oof-has-reservation:
+ enabled: true
+oof-has-solver:
+ enabled: true
+
- name: common
version: ~6.x-0
repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
+ - name: oof-cmso
+ version: ~6.x-0
+ repository: 'file://components/oof-cmso'
+ condition: oof-cmso.enabled
+ - name: oof-has
+ version: ~6.x-0
+ repository: 'file://components/oof-has'
+ condition: oof-has.enabled
external: 8698 # clients use this port on DockerHost
osdf_ip_default: 0.0.0.0
# # Important Note: At deployment time, we need to ensure the port mapping is done
- ssl_context: ['/opt/app/ssl_cert/org.onap.oof.crt', '/opt/app/ssl_cert/org.onap.oof.key']
+ ssl_context: ['/opt/osdf/osaaf/local/org.onap.oof.crt', '/opt/osdf/osaaf/local/org.onap.oof.key']
osdf_temp: # special configuration required for "workarounds" or testing
local_policies:
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIFEDCCA/igAwIBAgIILW/fiLbps5cwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE
-BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp
-bnRlcm1lZGlhdGVDQV85MB4XDTIwMDQwNDE4NDMxNloXDTIxMDQwNDE4NDMxNlow
-XjERMA8GA1UEAwwIb29mLm9uYXAxHTAbBgNVBAsMFG9vZkBvb2Yub25hcC5vcmc6
-REVWMQ4wDAYDVQQLDAVPU0FBRjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv9ebvHIAgYYtJZDvxwDLR
-UlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+CLYpRbLQ
-IlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8MS2XrnxB
-HpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCKGUfEjKb+
-LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaHKfVxm1ZH
-hvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2guGQUGsib
-AgMBAAGjggHnMIIB4zAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIF4DAgBgNVHSUB
-Af8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0jBE0wS4AUgfeZWxC5yIze
-81Je6k5poEM+rN2hMKQuMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQ
-MQswCQYDVQQGEwJVU4IBBzAdBgNVHQ4EFgQUkjCndmbyBIsg2xtiFYgeONQa8Ysw
-ggEtBgNVHREEggEkMIIBIIEfbWFyay5kLm1hbmFnZXJAcGVvcGxlLm9zYWFmLmNv
-bYIIb29mLm9uYXCCCWNtc28tb25hcIIcY21zby5hcGkuc2ltcGxlZGVtby5vbmFw
-Lm9yZ4IJY21zby5vbmFwgghvb2YtY21zb4ISb29mLWNtc28tb3B0aW1pemVyghJv
-b2YtY21zby10aWNrZXRtZ3SCEW9vZi1jbXNvLXRvcG9sb2d5ggtvb2YtaGFzLWFw
-aYIQb29mLWhhcy1hcGkub25hcIIIb29mLW9uYXCCCm9vZi1vcHRlbmeCD29vZi1v
-cHRlbmcub25hcIIIb29mLW9zZGaCDW9vZi1vc2RmLm9uYXCCG29vZi5hcGkuc2lt
-cGxlZGVtby5vbmFwLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAHoAD6tRvFPAtUfkU
-FsTO2p7lftMld0CzeAWfEln9vBXwr0ZGdNTP2TWJAcenIE1cwJavyQuDc3sZ4Z20
-/pOz1/oic9gnlVFe46/KRcwVUVXBU1EJlXB2UPU/v4MNrkWUcgqzEcxfKmBWl/My
-7OlQFc7zAeqZw6XtnaLzMipaXg98M7sWnfS4t116wfwmHIkP2RY7dAp1XAbzOW+X
-koFvfuj6MljxEzy8oc90SxhQHWNhWH73FxW0MuP+qf6x5PRciXIq6NJOrkG91Z0L
-mksGtWU58Y7uP9DzcxaOB4cv3UpK4rx//IUnAN4/aDxLq566A5qj21ftMhHlCFg5
-GsHFjQ==
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB
-RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN
-MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG
-A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL
-neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d
-o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3
-nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV
-v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO
-15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw
-gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV
-M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/
-BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B
-AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q
-ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl
-u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+
-+pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/
-QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht
-8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX
-kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3
-aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky
-uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w
-tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep
-BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
-BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
-NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
-DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
-XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
-H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
-pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
-NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
-2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
-wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
-ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
-P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
-aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
-PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
-A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
-UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
-BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
-L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
-7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
-c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
-jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
-RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
-PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
-CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
-Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
-cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
-ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
-dYY=
------END CERTIFICATE-----
-
-
+++ /dev/null
------BEGIN PRIVATE KEY-----
-MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCv9ebvHIAgYYtJ
-ZDvxwDLRUlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+
-CLYpRbLQIlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8
-MS2XrnxBHpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCK
-GUfEjKb+LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaH
-KfVxm1ZHhvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2g
-uGQUGsibAgMBAAECggEAZFnZWoTmjZET3sdLaJQ0ZyyKwuFnURqyO5m6YuWTaj4Q
-MFLBRJplneAQmOEGcdo5PsKcHDYM5185D6foO6GEWS86Dgqqm3TjAX0kUeRZY63V
-SpyBCWWsaH+vOKeL/T5UAF5PZky6kDFGlo11cwwP0ROdcuxflkck0DopoG7vMQE0
-XvOWDn9z7WLu6hph7RnweW5Wou3VG2WSlE8i7gngAExxRFs2RxUr3UHooUX0pLOY
-Qk/ofsWB6AhMD02BAIgKEWZK33+uTHUchbm3zA1sAx8vXoA5G9uSh/E+YnXbt3D0
-0wrHIJy+BW3f4WfGc7tE3HpsnLsnUwBV48DvG/zAAQKBgQD4HshYjEkT4WAVnzbe
-FaivRh67sFqHvkpSA4gmNdot1Q4MeZ1I5u2lKBntbxyk72m/zA/7qw2h1PT2r430
-XA2/cV+YHCiTbPqfm0Lj+w0ht+RmF3VQB1uHWjsVvybPIeuwVLZ3hgu2Tl2oDCKd
-8bKLpvj4fwZRxbp3G5VjuQztiwKBgQC1jHYVaUHkekshHG0HFPBKAEU8urSeKzoD
-Y7SyrDLQwx3rqhY3v0VZntjnT47JEThECunl5Aun0YJyMs12Ex0zI7ciC9WIgbHx
-Qhs/46uhKPuiEHzBsET6CX7wDBJMBIN6HrNMsSdCTmWZu6LGJSlHasEXnmKsTngF
-nYdBeQATMQKBgGMvOvtaqOPPli9OhApnMhVOvH5e0vGsed0rGEPeByeHIaSPAPbh
-iWIaE7M8VYEBS46mLkV2bW6hyILMTry+B6jd007lArtcNxuSXzzvYKJ39k9xVS32
-ovoKcdARp5vpfWPxmTdSWGA6F2pT34qv0aXNy3zamlYZ6p4uYpuIn8hdAoGAKL5h
-MeTxeMlJWyD6BwDX/IObBkoQhv7EgkY6I28p6FghuuXtHo26jqZrn13neZB3xC1+
-2K0ZQIxwbhigq8MWZoe5bdaiEYSp3q8rVmdN+VktP+3bUcyxbjv7VPwgjxbkOt/w
-9WE8olDd1Gab3UQxw2ld9GMDWhAyN3BnDnaNYcECgYBFyc/maooUp2x1SEh3UisY
-vkpzYvUyHGiq2/gwm1htz8HQO75RuNY/YtxN1m9jrMArPBy6OgQ/Wk3Zi6S8HqYY
-ENTUUsIVr33nJT3rOWWJ2qdAmo6kAWt/J3LPNV01MWZ2cU4DcEDF1ZVkGFVgI0ZC
-h+G1ZXD4PyjI6KWhRC3JuA==
------END PRIVATE KEY-----
\ No newline at end of file
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
template:
metadata:
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- policy-xacml-pdp
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
- command:
image: "{{ .Values.global.dockerHubRepository }}/{{ .Values.global.curlImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-osdf-sms-readiness
-
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /opt/app/ssl_cert/aaf_root_ca.cer
name: {{ include "common.fullname" . }}-config
subPath: aaf_root_ca.cer
- - mountPath: /opt/app/ssl_cert/org.onap.oof.crt
- name: {{ include "common.fullname" . }}-config
- subPath: org.onap.oof.crt
- - mountPath: /opt/app/ssl_cert/org.onap.oof.key
- name: {{ include "common.fullname" . }}-config
- subPath: org.onap.oof.key
- mountPath: /opt/osdf/config/common_config.yaml
name: {{ include "common.fullname" . }}-config
subPath: common_config.yaml
{{- end }}
volumes:
+ {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
path: aaf_root_ca.cer
- key: common_config.yaml
path: common_config.yaml
- - key: org.onap.oof.crt
- path: org.onap.oof.crt
- - key: org.onap.oof.key
- path: org.onap.oof.key
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
persistence: {}
affinity: {}
# Resource Limit flavor -By Default using small
flavor: small
+
+#sub-charts configuration
+certInitializer:
+ nameOverride: oof-osdf-cert-initializer
+ fqdn: "oof.onap"
+ app_ns: "org.osaaf.aaf"
+ fqi: "oof@oof.onap.org"
+ fqi_namespace: org.onap.oof
+ public_fqdn: "oof.onap.org"
+ aafDeployFqi: "deployer@people.osaaf.org"
+ aafDeployPass: demo123456!
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ appMountPath: /opt/osdf/osaaf
+ aaf_add_config: >
+ chmod 444 {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key;
+
# Segregation for Different environment (Small and Large)
resources:
small:
port: 8698
config:
ssl: "redirect"
+
+#component overrides
+
+oof-cmso:
+ enabled: true
+oof-has:
+ enabled: true
restartPolicy: Never
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- dcae-pnda-mirror
#################################################################
global:
nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
persistence: {}
#################################################################
global:
nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
persistence: {}
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018, 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
apiVersion: v1
-description: ONAP Policy Administration Point
+description: ONAP Policy
name: policy
version: 6.0.0
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @helm repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#! /bin/bash
-
-PROPS_BUILD="${POLICY_HOME}/etc/build.info"
-
-PROPS_RUNTIME="${POLICY_HOME}/servers/brmsgw/config.properties"
-PROPS_INSTALL="${POLICY_HOME}/install/servers/brmsgw/config.properties"
-
-
-if [ ! -f "${PROPS_BUILD}" ]; then
- echo "error: version information does not exist: ${PROPS_BUILD}"
- exit 1
-fi
-
-source "${POLICY_HOME}/etc/build.info"
-
-if [ -z "${version}" ]; then
- echo "error: no version information present"
- exit 1
-fi
-
-for CONFIG in ${PROPS_RUNTIME} ${PROPS_INSTALL}; do
- if [ ! -f "${CONFIG}" ]; then
- echo "warning: configuration does not exist: ${CONFIG}"
- else
- sed -i -e "s/brms.dependency.version=.*/brms.dependency.version=${version}/g" "${CONFIG}"
- fi
-done
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# BRMSpep component installation configuration parameters
-BRMSGW_JMX_PORT=9989
-
-COMPONENT_X_MX_MB=1024
-COMPONENT_X_MS_MB=1024
-
-REST_PAP_URL=https://{{ .Values.global.pap.nameOverride }}:{{.Values.config.papPort}}/pap/
-REST_PDP_ID=https://{{ .Values.global.pdp.nameOverride }}:{{.Values.config.pdpPort}}/pdp/
-
-PDP_HTTP_USER_ID=${PDP_HTTP_USER_ID}
-PDP_HTTP_PASSWORD=${PDP_HTTP_PASSWORD}
-PDP_PAP_PDP_HTTP_USER_ID=${PDP_PAP_PDP_HTTP_USER_ID}
-PDP_PAP_PDP_HTTP_PASSWORD=${PDP_PAP_PDP_HTTP_PASSWORD}
-
-M2_HOME=/usr/share/java/maven-3
-snapshotRepositoryID=policy-nexus-snapshots
-snapshotRepositoryName=Snapshots
-snapshotRepositoryURL=http://{{ .Values.global.nexus.nameOverride }}:{{.Values.config.nexusPort}}/nexus/content/repositories/snapshots
-releaseRepositoryID=policy-nexus-releases
-releaseRepositoryName=Releases
-releaseRepositoryURL=http://{{ .Values.global.nexus.nameOverride }}:{{.Values.config.nexusPort}}/nexus/content/repositories/releases
-repositoryUsername=${REPOSITORY_USERNAME}
-repositoryPassword=${REPOSITORY_PASSWORD}
-UEB_URL=message-router
-UEB_TOPIC=PDPD-CONFIGURATION
-UEB_API_KEY=
-UEB_API_SECRET=
-
-groupID=org.onap.policy-engine
-artifactID=drlPDPGroup
-AMSTERDAM_GROUP_ID=org.onap.policy-engine.drools.amsterdam
-AMSTERDAM_ARTIFACT_ID=policy-amsterdam-rules
-
-# the java property is RESOURCE_NAME (uppercase), but the conf parameter is lowercase
-resource_name=brmsgw_1
-node_type=brms_gateway
-
-#Environment should be Set either DEV, TEST or PROD
-ENVIRONMENT=TEST
-
-#Notification Properties... type can be either websocket, ueb, or dmaap
-BRMS_NOTIFICATION_TYPE=websocket
-BRMS_UEB_URL=message-router
-BRMS_UEB_TOPIC=PDPD-CONFIGURATION
-BRMS_UEB_DELAY=
-BRMS_CLIENT_ID=python
-BRMS_CLIENT_KEY=dGVzdA==
-BRMS_UEB_API_KEY=
-BRMS_UEB_API_SECRET=
-
-#Dependency.json file version
-BRMS_DEPENDENCY_VERSION=1.6.4
-BRMS_MODELS_DEPENDENCY_VERSION=2.2.6
+++ /dev/null
-# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-pe-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/pe/*").AsConfig . | indent 2 }}
-
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; chmod 0755 /config/${PFILE}; done"
- env:
- - name: JDBC_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- - name: JDBC_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- - name: PDP_HTTP_USER_ID
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }}
- - name: PDP_HTTP_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }}
- - name: PDP_PAP_PDP_HTTP_USER_ID
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }}
- - name: PDP_PAP_PDP_HTTP_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }}
- - name: REPOSITORY_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "login") | indent 10 }}
- - name: REPOSITORY_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }}
- volumeMounts:
- - mountPath: /config-input/pe
- name: pe-input
- - mountPath: /config-input/pe-brmsgw
- name: pe-brmsgw-input
- - mountPath: /config/pe
- name: pe
- - mountPath: /config/pe-brmsgw
- name: pe-brmsgw
- image: "{{ .Values.global.envsubstImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
- - command:
- - /root/ready.py
- args:
- - --container-name
- - {{ .Values.global.pap.nameOverride }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - command:
- - /bin/bash
- - ./do-start.sh
- - brmsgw
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: JDBC_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- - name: JDBC_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- - name: PDP_HTTP_USER_ID
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }}
- - name: PDP_HTTP_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }}
- - name: PDP_PAP_PDP_HTTP_USER_ID
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }}
- - name: PDP_PAP_PDP_HTTP_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }}
- - name: REPOSITORY_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "login") | indent 10 }}
- - name: REPOSITORY_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }}
- ports:
- - containerPort: {{ .Values.service.externalPort }}
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.externalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{- end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.externalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /tmp/policy-install/config/brmsgw-tweaks.sh
- name: pe-brmsgw
- subPath: brmsgw-tweaks.sh
- - mountPath: /tmp/policy-install/config/brmsgw.conf
- name: pe-brmsgw
- subPath: brmsgw.conf
- - mountPath: /tmp/policy-install/config/base.conf
- name: pe
- subPath: base.conf
- - mountPath: /tmp/policy-install/do-start.sh
- name: pe-scripts
- subPath: do-start.sh
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: pe-input
- configMap:
- name: {{ include "common.release" . }}-pe-configmap
- defaultMode: 0755
- - name: pe-scripts
- configMap:
- name: {{ include "common.release" . }}-pe-scripts-configmap
- defaultMode: 0777
- - name: pe-brmsgw-input
- configMap:
- name: {{ include "common.fullname" . }}-pe-configmap
- defaultMode: 0755
- - name: pe
- emptyDir:
- medium: Memory
- - name: pe-brmsgw
- emptyDir:
- medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2020 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- envsubstImage: dibi/envsubst
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: db-secret
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
- login: '{{ .Values.db.user }}'
- password: '{{ .Values.db.password }}'
- passwordPolicy: required
- - uid: pdp-http-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.pdp.pdpCredsExternalSecret) . }}'
- login: '{{ .Values.pdp.pdphttpuserid }}'
- password: '{{ .Values.pdp.pdphttppassword }}'
- passwordPolicy: required
- - uid: pap-http-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.pap.papCredsExternalSecret) . }}'
- login: '{{ .Values.pap.pdppappdphttpuserid }}'
- password: '{{ .Values.pap.pdppappdphttppassword }}'
- passwordPolicy: required
- - uid: nexus-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.nexus.nexusCredsExternalSecret) . }}'
- login: '{{ .Values.nexus.repositoryUsername }}'
- password: '{{ .Values.nexus.repositoryPassword }}'
- passwordPolicy: required
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.6.4
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
- papPort: 9091
- pdpPort: 8081
- nexusPort: 8081
-
-db:
- user: policy_user
- password: policy_user
-pdp:
- pdphttpuserid: testpdp
- pdphttppassword: alpha123
-pap:
- pdppappdphttpuserid: testpap
- pdppappdphttppassword: alpha123
-nexus:
- repositoryUsername: admin
- repositoryPassword: admin123
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: false
-
-readiness:
- initialDelaySeconds: 30
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: brmsgw
- portName: brmsgw
- externalPort: 9989
- internalPort: 9989
- nodePort: 16
-
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 2Gi
- requests:
- cpu: 10m
- memory: 0.5Gi
- large:
- limits:
- cpu: 2
- memory: 4Gi
- requests:
- cpu: 20m
- memory: 1Gi
- unlimited: {}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP Drools Policy Engine
-name: drools
-version: 6.0.0
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
+++ /dev/null
-# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
+++ /dev/null
-###
-# ============LICENSE_START=======================================================
-# feature-healthcheck
-# ================================================================================
-# Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-###
-
-http.server.services=HEALTHCHECK
-http.server.services.HEALTHCHECK.host=0.0.0.0
-http.server.services.HEALTHCHECK.port=6969
-http.server.services.HEALTHCHECK.restClasses=org.onap.policy.drools.healthcheck.RestHealthCheck
-http.server.services.HEALTHCHECK.managed=false
-http.server.services.HEALTHCHECK.swagger=true
-http.server.services.HEALTHCHECK.userName=${envd:HEALTHCHECK_USER}
-http.server.services.HEALTHCHECK.password=${envd:HEALTHCHECK_PASSWORD}
-http.server.services.HEALTHCHECK.https=true
-http.server.services.HEALTHCHECK.aaf=${envd:AAF:false}
-http.server.services.HEALTHCHECK.serialization.provider=org.onap.policy.common.gson.JacksonHandler,org.onap.policy.common.endpoints.http.server.YamlJacksonHandler
-
-http.client.services=PAP
-
-http.client.services.PAP.host={{ .Values.global.pap.nameOverride }}
-http.client.services.PAP.port=9091
-http.client.services.PAP.contextUriPath=pap/test
-http.client.services.PAP.https=true
-http.client.services.PAP.userName=${envd:PAP_LEGACY_USERNAME}
-http.client.services.PAP.password=${envd:PAP_LEGACY_PASSWORD}
-
-http.client.services.PDP.host={{ .Values.global.pdp.nameOverride }}
-http.client.services.PDP.port=8081
-http.client.services.PDP.contextUriPath=pdp/test
-http.client.services.PDP.https=true
-http.client.services.PDP.userName=${envd:PDP_LEGACY_USERNAME}
-http.client.services.PDP.password=${envd:PDP_LEGACY_PASSWORD}
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019 Nordix Foundation.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
--->
-
-<configuration scan="true" scanPeriod="3 seconds" debug="true">
- <!--<jmxConfigurator /> -->
- <!-- specify the base path of the log directory -->
- <property name="logDir" value="/var/log/onap" />
- <!-- specify the component name -->
- <property name="componentName" value="policy" />
- <!-- specify the sub component name -->
- <property name="subComponentName" value="xacml-pdp-rest" />
- <!-- The directories where logs are written -->
- <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
- <property name="pattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />
- <!-- log file names -->
- <property name="errorLogName" value="error" />
- <property name="metricsLogName" value="metrics" />
- <property name="auditLogName" value="audit" />
- <property name="debugLogName" value="debug" />
- <property name="queueSize" value="256" />
- <property name="maxFileSize" value="50MB" />
- <property name="maxHistory" value="30" />
- <property name="totalSizeCap" value="10GB" />
- <!-- Example evaluator filter applied against console appender -->
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <!-- ============================================================================ -->
- <!-- EELF Appenders -->
- <!-- ============================================================================ -->
- <!-- The EELFAppender is used to record events to the general application
- log -->
- <!-- EELF Audit Appender. This appender is used to record audit engine
- related logging events. The audit logger and appender are specializations
- of the EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
- these events as part of the application root log. -->
- <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${auditLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFAudit" />
- </appender>
- <appender name="EELFMetrics" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${metricsLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
- %msg%n"</pattern> -->
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFMetrics" />
- </appender>
- <appender name="EELFError" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${errorLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>INFO</level>
- </filter>
- </appender>
- <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFError" />
- </appender>
- <appender name="EELFDebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${debugLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFDebug" />
- <includeCallerData>true</includeCallerData>
- </appender>
- <!-- ============================================================================ -->
- <!-- EELF loggers -->
- <!-- ============================================================================ -->
- <logger name="com.att.eelf.audit" level="info" additivity="false">
- <appender-ref ref="asyncEELFAudit" />
- </logger>
- <logger name="com.att.eelf.metrics" level="info" additivity="false">
- <appender-ref ref="asyncEELFMetrics" />
- </logger>
- <logger name="com.att.eelf.error" level="info" additivity="false">
- <appender-ref ref="asyncEELFError" />
- </logger>
- <logger name="com.att.eelf.debug" level="debug" additivity="false">
- <appender-ref ref="asyncEELFDebug" />
- </logger>
- <root level="INFO">
- <appender-ref ref="asyncEELFDebug" />
- </root>
-</configuration>
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#! /bin/bash
-
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# pdp component installation configuration parameters
-
-# tomcat specific parameters
-
-TOMCAT_JMX_PORT=9991
-TOMCAT_SHUTDOWN_PORT=8087
-SSL_HTTP_CONNECTOR_PORT=8081
-SSL_AJP_CONNECTOR_PORT=8381
-SSL_AJP_CONNECTOR_REDIRECT_PORT=8443
-
-TOMCAT_X_MS_MB=1024
-TOMCAT_X_MX_MB=1024
-
-# pdp properties
-
-UEB_CLUSTER=message-router
-
-REST_PAP_URL=https://{{ .Values.global.pap.nameOverride }}:{{.Values.config.papPort}}/pap/
-REST_PDP_ID=https://${{"{{"}}FQDN{{"}}"}}:{{.Values.service.externalPort}}/pdp/
-REST_PDP_CONFIG=/opt/app/policy/servers/pdp/bin/config
-REST_PDP_WEBAPPS=/opt/app/policy/servers/pdp/webapps
-REST_PDP_REGISTER=true
-REST_PDP_REGISTER_SLEEP=15
-REST_PDP_REGISTER_RETRIES=-1
-REST_PDP_MAXCONTENT=999999999
-
-# PDP related properties
-PDP_HTTP_USER_ID=${PDP_HTTP_USER_ID}
-PDP_HTTP_PASSWORD=${PDP_HTTP_PASSWORD}
-PDP_PAP_PDP_HTTP_USER_ID=${PDP_PAP_PDP_HTTP_USER_ID}
-PDP_PAP_PDP_HTTP_PASSWORD=${PDP_PAP_PDP_HTTP_PASSWORD}
-
-node_type=pdp_xacml
-resource_name=pdp_1
-dependency_groups=brmsgw_1
-test_via_jmx=true
-
-#
-# Notification Properties
-# Notification type: websocket, ueb or dmaap... if left blank websocket is the default
-PDP_NOTIFICATION_TYPE=websocket
-PDP_UEB_CLUSTER=
-PDP_UEB_TOPIC=
-PDP_UEB_DELAY=
-PDP_UEB_API_KEY=
-PDP_UEB_API_SECRET=
-PDP_DMAAP_AAF_LOGIN=
-PDP_DMAAP_AAF_PASSWORD=
-
-#AAF Policy Name space
-#Required only, when we use AAF
-POLICY_AAF_NAMESPACE=
-POLICY_AAF_RESOURCE=
-
-# Indeterminate resolution
-DECISION_INDETERMINATE_RESPONSE=PERMIT
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# JVM specific parameters
-LOGPARSER_JMX_PORT=9997
-LOGPARSER_X_MS_MB=1024
-LOGPARSER_X_MX_MB=1024
-
-SERVER=https://{{ include "common.servicename" . }}:{{.Values.service.externalPort}}/pdp/
-LOGPATH=/var/log/onap/policy/pdpx/pdp-rest.log
-PARSERLOGPATH=/opt/app/policy/servers/pdplp/bin/IntegrityMonitor.log
-
-node_type=logparser
-# the java property is RESOURCE_NAME (uppercase), but the conf parameter is lowercase
-resource_name=pdplp_1
+++ /dev/null
-
-# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-log-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/xacml-pdp-rest/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-pe-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/pe/*").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "{{ include "common.servicename" . }}",
- "version": "v1",
- "url": "/pdp",
- "protocol": "REST",
- "port": "{{ .Values.service.externalPort }}",
- "visualRange":"1"
- },
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- sessionAffinity: None
- clusterIP: None
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1beta1
-kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- serviceName: {{ include "common.servicename" . }}
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; chmod 0755 /config/${PFILE}; done"
- env:
- - name: JDBC_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- - name: JDBC_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- - name: PDP_HTTP_USER_ID
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }}
- - name: PDP_HTTP_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }}
- - name: PDP_PAP_PDP_HTTP_USER_ID
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }}
- - name: PDP_PAP_PDP_HTTP_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }}
- volumeMounts:
- - mountPath: /config-input/pe
- name: pe-input
- - mountPath: /config-input/pe-pdp
- name: pe-pdp-input
- - mountPath: /config/pe
- name: pe
- - mountPath: /config/pe-pdp
- name: pe-pdp
- image: "{{ .Values.global.envsubstImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
- - command:
- - /root/ready.py
- args:
- - --container-name
- - {{ .Values.global.pap.nameOverride }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - command:
- - /bin/bash
- - ./do-start.sh
- - pdp
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: JDBC_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- - name: JDBC_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- ports:
- - containerPort: {{ .Values.service.externalPort }}
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.externalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{- end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.externalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /tmp/policy-install/config/base.conf
- name: pe
- subPath: base.conf
- - mountPath: /tmp/policy-install/config/pdp-tweaks.sh
- name: pe-pdp-input
- subPath: pdp-tweaks.sh
- - mountPath: /tmp/policy-install/config/pdplp.conf
- name: pe-pdp
- subPath: pdplp.conf
- - mountPath: /tmp/policy-install/config/pdp.conf
- name: pe-pdp
- subPath: pdp.conf
- - mountPath: /tmp/policy-install/do-start.sh
- name: pe-scripts
- subPath: do-start.sh
- - mountPath: /var/log/onap
- name: policy-logs
- - mountPath: /tmp/logback.xml
- name: policy-logback
- subPath: logback.xml
- lifecycle:
- postStart:
- exec:
- command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/opt/app/policy/servers/pdp/webapps/pdp/WEB-INF/classes/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
- - image: {{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: filebeat-onap
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- name: filebeat-conf
- subPath: filebeat.yml
- - mountPath: /var/log/onap
- name: policy-logs
- - mountPath: /usr/share/filebeat/data
- name: policy-data-filebeat
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-filebeat-configmap
- - name: policy-logs
- emptyDir: {}
- - name: policy-data-filebeat
- emptyDir: {}
- - name: policy-logback
- configMap:
- name: {{ include "common.fullname" . }}-log-configmap
- - name: pe-input
- configMap:
- name: {{ include "common.release" . }}-pe-configmap
- defaultMode: 0755
- - name: pe-scripts
- configMap:
- name: {{ include "common.release" . }}-pe-scripts-configmap
- defaultMode: 0777
- - name: pe-pdp-input
- configMap:
- name: {{ include "common.fullname" . }}-pe-configmap
- defaultMode: 0755
- - name: pe
- emptyDir:
- medium: Memory
- - name: pe-pdp
- emptyDir:
- medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018,2019 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: db-secret
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
- login: '{{ .Values.db.user }}'
- password: '{{ .Values.db.password }}'
- passwordPolicy: required
- - uid: pdp-http-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.pdp.pdpCredsExternalSecret) . }}'
- login: '{{ .Values.pdp.pdphttpuserid }}'
- password: '{{ .Values.pdp.pdphttppassword }}'
- passwordPolicy: required
- - uid: pap-http-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.pap.papCredsExternalSecret) . }}'
- login: '{{ .Values.pap.pdppappdphttpuserid }}'
- password: '{{ .Values.pap.pdppappdphttppassword }}'
- passwordPolicy: required
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.6.4
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-
-db:
- user: policy_user
- password: policy_user
-pdp:
- pdphttpuserid: testpdp
- pdphttppassword: alpha123
-pap:
- pdppappdphttpuserid: testpap
- pdppappdphttppassword: alpha123
-
-config:
- papPort: 9091
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: pdp
- portName: pdp
- internalPort: 8081
- externalPort: 8081
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 8Gi
- requests:
- cpu: 20m
- memory: 2Gi
- unlimited: {}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP Policy Common
-name: policy-common
-version: 6.0.0
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
+++ /dev/null
-# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-filebeat.prospectors:
-#it is mandatory, in our case it's log
-- input_type: log
- #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
- paths:
- - /var/log/onap/*/*/*/*.log
- - /var/log/onap/*/*/*.log
- - /var/log/onap/*/*.log
- #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
- ignore_older: 48h
- # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
- clean_inactive: 96h
-
-
-# Name of the registry file. If a relative path is used, it is considered relative to the
-# data path. Else full qualified file name.
-#filebeat.registry_file: ${path.data}/registry
-
-
-output.logstash:
- #List of logstash server ip addresses with port number.
- #But, in our case, this will be the loadbalancer IP address.
- #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
- hosts: ["{{.Values.config.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.config.logstashPort}}"]
- #If enable will do load balancing among availabe Logstash, automatically.
- loadbalance: true
-
- #The list of root certificates for server verifications.
- #If certificate_authorities is empty or not set, the trusted
- #certificate authorities of the host system are used.
- #ssl.certificate_authorities: $ssl.certificate_authorities
-
- #The path to the certificate for SSL client authentication. If the certificate is not specified,
- #client authentication is not available.
- #ssl.certificate: $ssl.certificate
-
- #The client certificate key used for client authentication.
- #ssl.key: $ssl.key
-
- #The passphrase used to decrypt an encrypted key stored in the configured key file
- #ssl.key_passphrase: $ssl.key_passphrase
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-JAVA_HOME=/usr/local/openjdk-11
-POLICY_HOME=/opt/app/policy
-POLICY_LOGS=/var/log/onap
-KEYSTORE_PASSWD=Pol1cy_0nap
-TRUSTSTORE_PASSWD=Pol1cy_0nap
-
-JDBC_DRIVER=org.mariadb.jdbc.Driver
-JDBC_URL=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/onap_sdk?connectTimeout=30000&socketTimeout=60000&log=true&sessionVariables=max_statement_time=30
-JDBC_LOG_URL=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/log?connectTimeout=30000&socketTimeout=60000&log=true&sessionVariables=max_statement_time=30
-
-JDBC_USER=${JDBC_USER}
-JDBC_PASSWORD=${JDBC_PASSWORD}
-
-site_name=site_1
-fp_monitor_interval=30
-failed_counter_threshold=3
-test_trans_interval=20
-write_fpc_interval=5
-max_fpc_update_interval=60
-test_via_jmx=false
-jmx_fqdn=
-
-AAF_NAMESPACE=org.onap.policy
-AAF_HOST=aaf-locate.{{.Release.Namespace}}
-
-ENVIRONMENT=TEST
-
-#Micro Service Model Properties
-policy_msOnapName=
-policy_msPolicyName=
+++ /dev/null
-#!/bin/bash
-
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-# Modifications Copyright © 2020 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-# Script to configure and start the Policy components that are to run in the designated container,
-# It is intended to be used as the entrypoint in the Dockerfile, so the last statement of the
-# script just goes into a long sleep so that the script does not exit (which would cause the
-# container to be torn down).
-
-container=$1
-
-case $container in
-pap)
- comps="base pap paplp console mysql elk"
- ;;
-pdp)
- comps="base pdp pdplp"
- ;;
-brmsgw)
- comps="base brmsgw"
- ;;
-*)
- echo "Usage: do-start.sh pap|pdp|brmsgw" >&2
- exit 1
-esac
-
-
-# skip installation if build.info file is present (restarting an existing container)
-if [[ -f /opt/app/policy/etc/build.info ]]; then
- echo "Found existing installation, will not reinstall"
- . /opt/app/policy/etc/profile.d/env.sh
-
-else
- if [[ -d config ]]; then
- cp config/*.conf .
- fi
-
- for comp in $comps; do
- echo "Installing component: $comp"
- ./docker-install.sh --install $comp
- done
- for comp in $comps; do
- echo "Configuring component: $comp"
- ./docker-install.sh --configure $comp
- done
-
- . /opt/app/policy/etc/profile.d/env.sh
-
- # install keystore
- # override the policy keystore and truststore if present
- if [[ -f config/policy-keystore ]]; then
- cp config/policy-keystore $POLICY_HOME/etc/ssl
- fi
-
- if [[ -f config/policy-truststore ]]; then
- cp -f config/policy-truststore $POLICY_HOME/etc/ssl
- fi
-
- if [[ -f config/$container-tweaks.sh ]] ; then
- # file may not be executable; running it as an
- # argument to bash avoids needing execute perms.
- bash config/$container-tweaks.sh
- fi
-
- if [[ $container == pap ]]; then
- # wait for DB up
- # now that DB is up, invoke database upgrade
- # (which does nothing if the db is already up-to-date)
- if [[ -v JDBC_USER ]]; then
- dbuser=${JDBC_USER};
- else
- dbuser=$(echo $(grep '^JDBC_USER=' base.conf | cut -f2 -d=))
- fi
-
- if [[ -v JDBC_PASSWORD ]]; then
- dbpw=${JDBC_PASSWORD}
- else
- dbpw=$(echo $(grep '^JDBC_PASSWORD=' base.conf | cut -f2 -d=))
- fi
- db_upgrade_remote.sh $dbuser $dbpw {{.Values.global.mariadb.service.name}}
- fi
-
-fi
-
-policy.sh start
-sleep 1000d
+++ /dev/null
-# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.release" . }}-pe-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/pe/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.release" . }}-pe-scripts-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/scripts/do-start.sh").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.release" . }}-filebeat-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/filebeat/filebeat.yml").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
- logstashServiceName: log-ls
- logstashPort: 5044
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: NodePort
- name: <onap-app>
- externalPort: <8080>
- #Example internal target port if required
- #internalPort: <80>
- nodePort: <replace with unused node port suffix eg. 23>
-
-ingress:
- enabled: false
-
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-# limits:
-# cpu: 2
-# memory: 4Gi
-# requests:
-# cpu: 2
-# memory: 4Gi
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2018 Ericsson. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @helm repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2020 Bell Canada. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/apex-pdp/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/apex-pdp/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/apex-pdp/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/apex-pdp/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/apex-pdp/network.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/apex-pdp/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </root>
+
+</configuration>
\ No newline at end of file
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright (C) 2020 Nordix Foundation.
+# Modifications Copyright (C) 2020 AT&T Intellectual Property.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
metadata:
name: {{ include "common.fullname" . }}-configmap
namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
{{- with .Files.Glob "resources/config/*store" }}
binaryData:
{{- range $path, $bytes := . }}
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright (C) 2020 AT&T Intellectual Property.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
-apiVersion: apps/v1beta1
+apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "common.fullname" . }}
env:
- name: TRUSTSTORE_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-pass" "key" "password") | indent 10 }}
+ - name: KEYSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-pass" "key" "password") | indent 10 }}
- name: RESTSERVER_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- command:
- - /opt/app/policy/apex-pdp/bin/apexOnapPf.sh
- - -c
- - /home/apexuser/config/OnapPfConfig.json
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["bash","-c"]
+ args: ["if [ -f {{ .Values.certInitializer.credsPath }}/.ci ]; then \
+ source {{ .Values.certInitializer.credsPath }}/.ci; fi;\
+ /opt/app/policy/apex-pdp/bin/apexOnapPf.sh -c /home/apexuser/config/OnapPfConfig.json"]
ports:
- containerPort: {{ .Values.service.externalPort }}
{{- if eq .Values.liveness.enabled true }}
env:
- name: REPLICAS
value: "{{ .Values.replicaCount }}"
+{{- if not .Values.global.aafEnabled }}
+ - name: KEYSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-pass" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-pass" "key" "password") | indent 12 }}
+{{- end }}
volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /home/apexuser/config
name: apexconfig
resources:
-{{ include "common.resources" . | indent 12 }}
+{{ include "common.resources" . }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
#################################################################
global:
nodePortPrefix: 302
+ readinessImage: onap/oom/readiness:3.0.1
+ envsubstImage: dibi/envsubst
+ aafEnabled: true
persistence: {}
#################################################################
password: '{{ .Values.restServer.password }}'
- uid: truststore-pass
type: password
- externalSecret: '{{ tpl (default "" .Values.truststore.passwordExternalSecret) . }}'
- password: '{{ .Values.truststore.password }}'
- policy: required
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
+ - uid: keystore-pass
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-apex-pdp:2.4.0
+image: onap/policy-apex-pdp:2.4.1
pullPolicy: Always
# flag to enable debugging - application support required
password: zb!XztG34
truststore:
password: Pol1cy_0nap
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
+
+certInitializer:
+ nameOverride: policy-apex-pdp-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: policy
+ fqi: policy@policy.onap.org
+ public_fqdn: policy.onap.org
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ uid: 101
+ gid: 102
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass
+ {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12");
+ echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci;
+ echo "export KEYSTORE_PASSWORD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+ chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
# default number of instances
replicaCount: 1
enabled: false
# Resource Limit flavor -By Default using small
-flavor: small
# Segregation for Different environment (Small and Large)
+flavor: small
resources:
small:
limits:
# ============LICENSE_START=======================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# ============LICENSE_START=======================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: common
version: ~6.x-0
repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
"name": "PolicyProviderParameterGroup",
"implementation": "org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl",
"databaseDriver": "org.mariadb.jdbc.Driver",
- "databaseUrl": "jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/policyadmin",
+ "databaseUrl": "jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin",
"databaseUser": "${SQL_USER}",
"databasePassword": "${SQL_PASSWORD_BASE64}",
"persistenceUnit": "PolicyMariaDb"
--- /dev/null
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2020 Bell Canada. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/api/error.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/api/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/api/debug.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/api/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/api/network.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/api/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="MetricOut"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/api/metric.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/api/metric.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}|%X{AlertSeverity}|%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncMetricOut"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="MetricOut" />
+ </appender>
+
+ <appender name="TransactionOut"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/api/audit.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/api/audit.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}|%X{AlertSeverity}|%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncTransactionOut"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="TransactionOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info"
+ additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty" level="ERROR" />
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncMetricOut" />
+ <appender-ref ref="AsyncTransactionOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </root>
+
+</configuration>
# ============LICENSE_START=======================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright (C) 2020 Nordix Foundation.
+# Modified Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
metadata:
name: {{ include "common.fullname" . }}-configmap
namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
{{- with .Files.Glob "resources/config/*store" }}
binaryData:
{{- range $path, $bytes := . }}
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
template:
metadata:
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- - --container-name
- - {{ include "common.release" . }}-galera-config
+ - --job-name
+ - {{ include "common.release" . }}-policy-galera-config
env:
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
-
- command:
- sh
args:
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-
+{{ include "common.certInitializer.initContainer" . | indent 8 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{- if .Values.global.aafEnabled }}
+ command: ["bash","-c"]
+ args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
+ /opt/app/policy/api/bin/policy-api.sh /opt/app/policy/api/etc/mounted/config.json"]
+{{- else }}
command: ["/opt/app/policy/api/bin/policy-api.sh"]
args: ["/opt/app/policy/api/etc/mounted/config.json"]
+ env:
+ - name: KEYSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+{{- end }}
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /opt/app/policy/api/etc/mounted
name: apiconfig-processed
resources:
-{{ include "common.resources" . | indent 12 }}
+{{ include "common.resources" . }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
nodePortPrefix: 304
persistence: {}
envsubstImage: dibi/envsubst
+ aafEnabled: true
+ readinessImage: onap/oom/readiness:3.0.1
#################################################################
# Secrets metaconfig
login: '{{ .Values.restServer.user }}'
password: '{{ .Values.restServer.password }}'
passwordPolicy: required
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
+
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
+
+certInitializer:
+ nameOverride: policy-api-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: policy
+ fqi: policy@policy.onap.org
+ public_fqdn: policy.onap.org
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ uid: 100
+ gid: 101
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass
+ {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12");
+ echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
+ echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+ chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
+
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-api:2.3.0
+image: onap/policy-api:2.3.1
pullPolicy: Always
# flag to enable debugging - application support required
db:
user: policy_user
password: policy_user
+ service:
+ name: policy-mariadb
+ internalPort: 3306
+
restServer:
user: healthcheck
password: zb!XztG34
ingress:
enabled: false
-resources: {}
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 200m
+ memory: 2Gi
+ unlimited: {}
+
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright (C) 2020 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
"receptionHandlerConfigurationName":"sdcConfiguration",
"pluginHandlerParameters":{
"policyDecoders":{
- "HpaDecoder":{
- "decoderType":"HpaDecoder",
- "decoderClassName":"org.onap.policy.distribution.reception.decoding.hpa.PolicyDecoderCsarHpa",
- "decoderConfigurationName": "csarToOptimizationPolicyConfiguration"
- },
"ToscaPolicyDecoder":{
"decoderType":"ToscaPolicyDecoder",
"decoderClassName":"org.onap.policy.distribution.reception.decoding.policy.file.PolicyDecoderFileInCsarToPolicy",
}
},
"policyDecoderConfigurationParameters":{
- "csarToOptimizationPolicyConfiguration":{
- "parameterClassName": "org.onap.policy.distribution.reception.decoding.hpa.PolicyDecoderCsarHpaParameters",
- "parameters":{
- "policyNamePrefix": "oofCasablanca",
- "onapName": "OOF",
- "version": "1.0",
- "priority": "3",
- "riskType": "Test",
- "riskLevel": "2"
- }
- },
"toscaPolicyDecoderConfiguration":{
"parameterClassName":"org.onap.policy.distribution.reception.decoding.policy.file.PolicyDecoderFileInCsarToPolicyParameterGroup",
"parameters":{
--- /dev/null
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2020 Bell Canada. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/distribution/error.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/distribution/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/distribution/debug.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/distribution/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/distribution/network.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/distribution/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info"
+ additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </root>
+
+</configuration>
\ No newline at end of file
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright (C) 2020 Nordix Foundation.
+# Modifications Copyright (C) 2020 AT&T Intellectual Property.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
metadata:
name: {{ include "common.fullname" . }}-configmap
namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
{{- with .Files.Glob "resources/config/*store" }}
binaryData:
{{- range $path, $bytes := . }}
-apiVersion: extensions/v1beta1
+# ============LICENSE_START=======================================================
+# Copyright (C) 2020 AT&T Intellectual Property.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
template:
metadata:
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{- if .Values.global.aafEnabled }}
+ command: ["bash","-c"]
+ args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
+ /opt/app/policy/distribution/bin/policy-dist.sh /opt/app/policy/distribution/etc/mounted/config.json"]
+{{- else }}
command: ["/opt/app/policy/distribution/bin/policy-dist.sh"]
args: ["/opt/app/policy/distribution/etc/mounted/config.json"]
+ env:
+ - name: KEYSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+{{- end }}
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /opt/app/policy/distribution/etc/mounted
name: distributionconfig
resources:
-{{ include "common.resources" . | indent 12 }}
+{{ include "common.resources" . }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
login: '{{ .Values.sdcBe.user }}'
password: '{{ .Values.sdcBe.password }}'
passwordPolicy: required
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
#################################################################
# Global configuration defaults.
global:
persistence: {}
envsubstImage: dibi/envsubst
+ aafEnabled: true
+ readinessImage: onap/oom/readiness:3.0.1
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-distribution:2.4.0
+image: onap/policy-distribution:2.4.1
pullPolicy: Always
# flag to enable debugging - application support required
sdcBe:
user: policy
password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
+
+certInitializer:
+ nameOverride: policy-distribution-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: policy
+ fqi: policy@policy.onap.org
+ public_fqdn: policy.onap.org
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ uid: 100
+ gid: 101
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass
+ {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12");
+ echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci;
+ echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+ chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
# default number of instances
replicaCount: 1
ingress:
enabled: false
-resources: {}
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 200m
+ memory: 2Gi
+ unlimited: {}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018, 2020 AT&T Intellectual Property
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP Drools Policy Engine (PDP-D)
+name: policy-drools-pdp
+version: 6.0.0
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T,VMware
+# Modifications Copyright © 2018, 2020 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: common
version: ~6.x-0
repository: '@local'
- - name: music
+ - name: certInitializer
version: ~6.x-0
repository: '@local'
# nexus repository
SNAPSHOT_REPOSITORY_ID=policy-nexus-snapshots
-SNAPSHOT_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.nexus.port}}/nexus/content/repositories/snapshots/
+SNAPSHOT_REPOSITORY_URL=http://{{.Values.nexus.name}}:{{.Values.nexus.port}}/nexus/content/repositories/snapshots/
RELEASE_REPOSITORY_ID=policy-nexus-releases
-RELEASE_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.nexus.port}}/nexus/content/repositories/releases/
+RELEASE_REPOSITORY_URL=http://{{.Values.nexus.name}}:{{.Values.nexus.port}}/nexus/content/repositories/releases/
REPOSITORY_OFFLINE={{.Values.nexus.offline}}
# Relational (SQL) DB access
-SQL_HOST={{ .Values.global.mariadb.service.name }}
+SQL_HOST={{ .Values.db.name }}
# AAF
POLICY_PDP_PAP_TOPIC=POLICY-PDP-PAP
POLICY_PDP_PAP_GROUP=defaultGroup
+POLICY_PDP_PAP_POLICYTYPES=onap.policies.controlloop.operational.common.Drools
# Symmetric Key for encoded sensitive data
--- /dev/null
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2020 Bell Canada. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpd/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpd/error.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpd/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpd/debug.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpd/network.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpd/network.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="MetricOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpd/metric.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpd/metric.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" />
+ <encoder>
+ <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncMetricOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="MetricOut" />
+ </appender>
+
+ <appender name="TransactionOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpd/audit.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpd/audit.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" />
+ <encoder>
+ <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncTransactionOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="TransactionOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <appender name="MetricStdOut" class="ch.qos.logback.core.ConsoleAppender">
+ <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" />
+ <encoder>
+ <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncMetricStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="MetricStdOut" />
+ </appender>
+
+ <appender name="TransactionStdOut" class="ch.qos.logback.core.ConsoleAppender">
+ <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" />
+ <encoder>
+ <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncTransactionStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="TransactionStdOut" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncMetricOut" />
+ <appender-ref ref="AsyncTransactionOut" />
+ <appender-ref ref="AsyncStdOut" />
+ <appender-ref ref="AsyncMetricStdOut" />
+ <appender-ref ref="AsyncTransactionStdOut" />
+ </root>
+
+</configuration>
\ No newline at end of file
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
+{{- if not .Values.global.aafEnabled }}
KEYSTORE_PASSWD={{.Values.keystore.password}}
+{{- end }}
+
TRUSTSTORE_PASSWD={{.Values.truststore.password}}
TELEMETRY_USER={{.Values.telemetry.user}}
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2019 AT&T
+# Modifications Copyright © 2018-2020 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
metadata:
name: {{ include "common.fullname" . }}-configmap
namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
{{- with .Files.Glob "resources/configmaps/*{.zip,store}" }}
binaryData:
{{- range $path, $bytes := . }}
# See the License for the specific language governing permissions and
# limitations under the License.
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
---
apiVersion: v1
kind: Secret
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2019 AT&T
+# Modifications Copyright © 2018-2020 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: apps/v1beta1
+apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "common.fullname" . }}
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
+ args:
+ - --job-name
+ - {{ include "common.release" . }}-policy-galera-config
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-db-readiness
+{{- if not .Values.nexus.offline }}
+ - command:
+ - /app/ready.py
args:
- --container-name
- - {{ include "common.release" . }}-galera-config
- - --container-name
- - {{ .Values.global.nexus.nameOverride }}
+ - {{ .Values.nexus.name }}
env:
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+{{- end }}
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["bash","-c"]
+ args: ["if [ -f {{ .Values.certInitializer.credsPath }}/.ci ]; then \
+ source {{ .Values.certInitializer.credsPath }}/.ci; fi;\
+ cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\
+ /opt/app/policy/bin/pdpd-cl-entrypoint.sh boot"]
ports:
- containerPort: {{ .Values.service.externalPort }}
- containerPort: {{ .Values.service.externalPort2 }}
- name: REPLICAS
value: "{{ .Values.replicaCount }}"
- name: SQL_USER
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
- name: SQL_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
name: drools-config
subPath: {{ base $path }}
{{- end }}
- - mountPath: /var/log/onap
- name: policy-logs
resources:
-{{ include "common.resources" . | indent 12 }}
+{{ include "common.resources" . }}
{{- if .Values.nodeSelector }}
- - image: "{{ .Values.global.loggingRepository | default .Values.loggingRepository }}/{{ .Values.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: filebeat-onap
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- name: filebeat-conf
- subPath: filebeat.yml
- - mountPath: /var/log/onap
- name: policy-logs
- - mountPath: /usr/share/filebeat/data
- name: policy-data-filebeat
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{- end -}}
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
- - name: filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-filebeat-configmap
- - name: policy-logs
- emptyDir: {}
- - name: policy-data-filebeat
- emptyDir: {}
- name: drools-config
configMap:
name: {{ include "common.fullname" . }}-configmap
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2020 AT&T
+# Modifications Copyright © 2018-2020 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
ubuntuImage: ubuntu:16.04
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pdpd-cl:1.7.0
+image: onap/policy-pdpd-cl:1.7.1
pullPolicy: Always
# flag to enable debugging - application support required
service:
type: ClusterIP
- name: drools
- portName: drools
+ name: policy-drools-pdp
+ portName: policy-drools-pdp
internalPort: 6969
externalPort: 6969
nodePort: 17
# Default installation values to be overridden
+certInitializer:
+ nameOverride: policy-drools-pdp-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: policy
+ fqi: policy@policy.onap.org
+ public_fqdn: policy.onap.org
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ uid: 1000
+ gid: 1000
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass
+ {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12");
+ echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci;
+ echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+ chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
+
server:
jvmOpts: -server -XshowSettings:vm
password: demo123456!
nexus:
+ name: policy-nexus
+ port: 8081
user: admin
password: admin123
- port: 8081
offline: true
db:
+ name: policy-mariadb
user: policy_user
password: policy_user
svcPort: 9111
# Resource Limit flavor -By Default using small
+# Segregation for Different environment (small, large, or unlimited)
flavor: small
-# Segregation for Different environment (Small and Large)
resources:
small:
limits:
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018-2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v1
description: ONAP Policy Nexus
-name: nexus
+name: policy-nexus
version: 6.0.0
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018-2020 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
template:
metadata:
- mountPath: /sonatype-work
name: nexus-data
resources:
-{{ include "common.resources" . | indent 12 }}
+{{- if eq .Values.resources.flavor "large" }}
+{{ toYaml .Values.resources.large | indent 12 }}
+{{- else }}
+{{ toYaml .Values.resources.small | indent 12 }}
+{{- end -}}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2019 AT&T
+# Modifications Copyright © 2018-2020 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
ubuntuInitRepository: oomk8s
ubuntuInitImage: ubuntu-init:1.0.0
persistence: {}
service:
type: ClusterIP
- name: nexus
- portName: nexus
+ name: policy-nexus
+ portName: policy-nexus
externalPort: 8081
internalPort: 8081
nodePort: 36
accessMode: ReadWriteOnce
size: 2Gi
mountPath: /dockerdata-nfs
- mountSubPath: nexus/data
+ mountSubPath: policy/nexus/data
-# Resource Limit flavor -By Default using small
-flavor: small
# Segregation for Different environment (Small and Large)
+# Resource Limit flavor - By Default using small
resources:
+ flavor: small
small:
limits:
cpu: 1
# ============LICENSE_START=======================================================
# Copyright (C) 2019 Nordix Foundation.
+# Modified Copyright (C) 2020 AT&T Intellectual Property.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v1
description: ONAP Policy Administration (PAP)
-name: pap
+name: policy-pap
version: 6.0.0
# ============LICENSE_START=======================================================
# Copyright (C) 2019 Nordix Foundation.
+# Modified Copyright (C) 2020 AT&T Intellectual Property.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: common
version: ~6.x-0
repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
"name": "PolicyProviderParameterGroup",
"implementation": "org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl",
"databaseDriver": "org.mariadb.jdbc.Driver",
- "databaseUrl": "jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/{{ .Values.global.mariadb.config.mysqlDatabase }}",
+ "databaseUrl": "jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin",
"databaseUser": "${SQL_USER}",
"databasePassword": "${SQL_PASSWORD_BASE64}",
"persistenceUnit": "PolicyMariaDb"
--- /dev/null
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2020 Bell Canada. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pap/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pap/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pap/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pap/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pap/network.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pap/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </root>
+
+</configuration>
# ============LICENSE_START=======================================================
# Copyright (C) 2019-2020 Nordix Foundation. All rights reserved.
+# Modifications Copyright (C) 2020 AT&T Intellectual Property.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
metadata:
name: {{ include "common.fullname" . }}-configmap
namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
{{- with .Files.Glob "resources/config/*store" }}
binaryData:
{{- range $path, $bytes := . }}
-apiVersion: extensions/v1beta1
+# ============LICENSE_START=======================================================
+# Copyright (C) 2020 AT&T Intellectual Property.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: apps/v1
kind: Deployment
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- - --container-name
- - {{ .Values.global.mariadb.service.name }}
+ - --job-name
+ - {{ include "common.release" . }}-policy-galera-config
env:
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
-
- command:
- sh
args:
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{- if .Values.global.aafEnabled }}
+ command: ["bash","-c"]
+ args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
+ /opt/app/policy/pap/bin/policy-pap.sh /opt/app/policy/pap/etc/mounted/config.json"]
+{{- else }}
command: ["/opt/app/policy/pap/bin/policy-pap.sh"]
args: ["/opt/app/policy/pap/etc/mounted/config.json"]
+ env:
+ - name: KEYSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+{{- end }}
ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /opt/app/policy/pap/etc/mounted
name: papconfig-processed
resources:
-{{ include "common.resources" . | indent 12 }}
+{{ include "common.resources" . }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
nodePortPrefixExt: 304
persistence: {}
envsubstImage: dibi/envsubst
+ aafEnabled: true
+ readinessImage: onap/oom/readiness:3.0.1
#################################################################
# Secrets metaconfig
login: '{{ .Values.healthCheckRestClient.distribution.user }}'
password: '{{ .Values.healthCheckRestClient.distribution.password }}'
passwordPolicy: required
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
+
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
+
+certInitializer:
+ nameOverride: policy-pap-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: policy
+ fqi: policy@policy.onap.org
+ public_fqdn: policy.onap.org
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ uid: 100
+ gid: 101
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass
+ {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12");
+ echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
+ echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+ chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
+
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pap:2.3.0
+image: onap/policy-pap:2.3.1
pullPolicy: Always
# flag to enable debugging - application support required
db:
user: policy_user
password: policy_user
+ service:
+ name: policy-mariadb
+ internalPort: 3306
+
restServer:
user: healthcheck
password: zb!XztG34
+
healthCheckRestClient:
api:
user: healthcheck
ingress:
enabled: false
-resources: {}
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 200m
+ memory: 2Gi
+ unlimited: {}
+
# ============LICENSE_START=======================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# ============LICENSE_END=========================================================
apiVersion: v1
-description: ONAP Policy XACML PDP
+description: ONAP Policy XACML PDP (PDP-X)
name: policy-xacml-pdp
version: 6.0.0
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2020 Bell Canada. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpx/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpx/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpx/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpx/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpx/network.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpx/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </root>
+
+</configuration>
\ No newline at end of file
# JPA Properties
#
javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver
-javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/operationshistory
+javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/operationshistory
javax.persistence.jdbc.user=${SQL_USER}
javax.persistence.jdbc.password=${SQL_PASSWORD_BASE64}
# ============LICENSE_START=======================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright (C) 2020 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
metadata:
name: {{ include "common.fullname" . }}-configmap
namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
{{- with .Files.Glob "resources/config/*store" }}
binaryData:
{{- range $path, $bytes := . }}
-apiVersion: extensions/v1beta1
+# ============LICENSE_START=======================================================
+# Copyright (C) 2020 AT&T Intellectual Property.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
template:
metadata:
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- - --container-name
- - {{ include "common.release" . }}-galera-config
+ - --job-name
+ - {{ include "common.release" . }}-policy-galera-config
env:
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
- command:
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{- if .Values.global.aafEnabled }}
+ command: ["bash","-c"]
+ args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
+ /opt/app/policy/pdpx/bin/policy-pdpx.sh /opt/app/policy/pdpx/etc/mounted/config.json"]
+{{- else }}
command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"]
args: ["/opt/app/policy/pdpx/etc/mounted/config.json"]
+ env:
+ - name: KEYSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+{{- end }}
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
emptyDir:
medium: Memory
resources:
-{{ include "common.resources" . | indent 12 }}
+{{ include "common.resources" . }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
# ============LICENSE_START=======================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
global:
persistence: {}
envsubstImage: dibi/envsubst
+ aafEnabled: true
+ readinessImage: onap/oom/readiness:3.0.1
#################################################################
# Secrets metaconfig
login: '{{ .Values.apiServer.user }}'
password: '{{ .Values.apiServer.password }}'
passwordPolicy: required
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
+
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
+
+certInitializer:
+ nameOverride: policy-xacml-pdp-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: policy
+ fqi: policy@policy.onap.org
+ public_fqdn: policy.onap.org
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ uid: 100
+ gid: 101
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass
+ {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12");
+ echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
+ echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+ chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
+
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-xacml-pdp:2.3.0
+image: onap/policy-xacml-pdp:2.3.1
pullPolicy: Always
# flag to enable debugging - application support required
db:
user: policy_user
password: policy_user
+ service:
+ name: policy-mariadb
+ internalPort: 3306
+
restServer:
user: healthcheck
password: zb!XztG34
+
apiServer:
user: healthcheck
password: zb!XztG34
ingress:
enabled: false
-resources: {}
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 200m
+ memory: 2Gi
+ unlimited: {}
+
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018, 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
dependencies:
- name: common
version: ~6.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
repository: '@local'
- name: mariadb-galera
version: ~6.x-0
repository: '@local'
+ - name: policy-nexus
+ version: ~6.x-0
+ repository: 'file://components/policy-nexus'
+ condition: policy-nexus.enabled
+ - name: policy-api
+ version: ~6.x-0
+ repository: 'file://components/policy-api'
+ condition: policy-api.enabled
+ - name: policy-pap
+ version: ~6.x-0
+ repository: 'file://components/policy-pap'
+ condition: policy-pap.enabled
+ - name: policy-xacml-pdp
+ version: ~6.x-0
+ repository: 'file://components/policy-xacml-pdp'
+ condition: policy-xacml-pdp.enabled
+ - name: policy-apex-pdp
+ version: ~6.x-0
+ repository: 'file://components/policy-apex-pdp'
+ condition: policy-apex-pdp.enabled
+ - name: policy-drools-pdp
+ version: ~6.x-0
+ repository: 'file://components/policy-drools-pdp'
+ condition: policy-drools-pdp.enabled
+ - name: policy-distribution
+ version: ~6.x-0
+ repository: 'file://components/policy-distribution'
+ condition: policy-distribution.enabled
+#!/bin/bash -x
# Copyright © 2017 Amdocs, Bell Canada, AT&T
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018, 2020 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-#!/bin/bash -xv
mysql() { /usr/bin/mysql -h ${MYSQL_HOST} -P ${MYSQL_USER} "$@"; };
+
for db in support onap_sdk log migration operationshistory10 pooling policyadmin operationshistory
do
mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};"
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
--->
-<configuration debug="true" scan="true" scanPeriod="3 seconds">
- <!--
- Logback files for the ECOMP SDK Application "ecomp_app"
- are created in directory ${catalina.base}/logs/ecomp_app;
- e.g., apache-tomcat-8.0.35/logs/ecomp_app/application.log
- -->
- <!--<jmxConfigurator /> -->
- <!-- specify the base path of the log directory -->
- <property name="logDir" value="/var/log/onap" />
- <!-- specify the component name -->
- <property name="componentName" value="policy" />
- <!-- specify the sub component name -->
- <property name="subComponentName" value="ep_sdk_app" />
- <!-- The directories where logs are written -->
- <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
- <property name="pattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />
- <!-- log file names -->
- <property name="generalLogName" value="application" />
- <property name="errorLogName" value="error" />
- <property name="metricsLogName" value="metrics" />
- <property name="auditLogName" value="audit" />
- <property name="debugLogName" value="debug" />
- <property name="queueSize" value="256" />
- <property name="maxFileSize" value="50MB" />
- <property name="maxHistory" value="30" />
- <property name="totalSizeCap" value="10GB" />
- <!--
- These loggers are not used in code (yet).
- <property name="securityLogName" value="security" />
- <property name="policyLogName" value="policy" />
- <property name="performanceLogName" value="performance" />
- <property name="serverLogName" value="server" />
- -->
- <!-- Example evaluator filter applied against console appender -->
- <appender class="ch.qos.logback.core.ConsoleAppender" name="STDOUT">
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <!-- ============================================================================ -->
- <!-- EELF Appenders -->
- <!-- ============================================================================ -->
- <!-- The EELFAppender is used to record events to the general application
- log -->
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELF">
- <file>${logDirectory}/${generalLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- daily rollover -->
- <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- <filter class="org.openecomp.portalapp.util.CustomLoggingFilter" />
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELF">
- <queueSize>${queueSize}</queueSize>
- <!-- Class name is part of caller data -->
- <includeCallerData>true</includeCallerData>
- <appender-ref ref="EELF" />
- </appender>
- <!-- EELF Audit Appender. This appender is used to record audit engine
- related logging events. The audit logger and appender are specializations
- of the EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
- these events as part of the application root log. -->
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFAudit">
- <file>${logDirectory}/${auditLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- daily rollover -->
- <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFAudit">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFAudit" />
- </appender>
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFMetrics">
- <file>${logDirectory}/${metricsLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- daily rollover -->
- <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFMetrics">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFMetrics" />
- </appender>
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFError">
- <file>${logDirectory}/${errorLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- daily rollover -->
- <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>INFO</level>
- </filter>
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFError">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFError" />
- </appender>
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFDebug">
- <file>${logDirectory}/${debugLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- daily rollover -->
- <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFDebug">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFDebug" />
- <includeCallerData>true</includeCallerData>
- </appender>
- <!-- ============================================================================ -->
- <!-- EELF loggers -->
- <!-- ============================================================================ -->
- <logger additivity="false" level="info" name="com.att.eelf.audit">
- <appender-ref ref="asyncEELFAudit" />
- </logger>
- <logger additivity="false" level="info" name="com.att.eelf.metrics">
- <appender-ref ref="asyncEELFMetrics" />
- </logger>
- <logger additivity="false" level="info" name="com.att.eelf.error">
- <appender-ref ref="asyncEELFError" />
- </logger>
- <logger additivity="false" level="debug" name="com.att.eelf.debug">
- <appender-ref ref="asyncEELFDebug" />
- </logger>
- <root level="INFO">
- <appender-ref ref="asyncEELFDebug" />
- </root>
-</configuration>
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
--->
-
-<configuration debug="true" scan="true" scanPeriod="3 seconds">
- <!--<jmxConfigurator /> -->
- <!-- specify the base path of the log directory -->
- <property name="logDir" value="/var/log/onap" />
- <!-- specify the component name -->
- <property name="componentName" value="policy" />
- <!-- specify the sub component name -->
- <property name="subComponentName" value="xacml-pap-rest" />
- <!-- The directories where logs are written -->
- <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
- <property name="pattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />
- <!-- log file names -->
- <property name="errorLogName" value="error" />
- <property name="metricsLogName" value="metrics" />
- <property name="auditLogName" value="audit" />
- <property name="debugLogName" value="debug" />
- <property name="queueSize" value="256" />
- <property name="maxFileSize" value="50MB" />
- <property name="maxHistory" value="30" />
- <property name="totalSizeCap" value="10GB" />
- <!-- Example evaluator filter applied against console appender -->
- <appender class="ch.qos.logback.core.ConsoleAppender" name="STDOUT">
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <!-- ============================================================================ -->
- <!-- EELF Appenders -->
- <!-- ============================================================================ -->
- <!-- The EELFAppender is used to record events to the general application
- log -->
- <!-- EELF Audit Appender. This appender is used to record audit engine
- related logging events. The audit logger and appender are specializations
- of the EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
- these events as part of the application root log. -->
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFAudit">
- <file>${logDirectory}/${auditLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFAudit">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFAudit" />
- </appender>
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFMetrics">
- <file>${logDirectory}/${metricsLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
- %msg%n"</pattern> -->
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFMetrics">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFMetrics" />
- </appender>
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFError">
- <file>${logDirectory}/${errorLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>INFO</level>
- </filter>
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFError">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFError" />
- </appender>
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFDebug">
- <file>${logDirectory}/${debugLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFDebug">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFDebug" />
- <includeCallerData>true</includeCallerData>
- </appender>
- <!-- ============================================================================ -->
- <!-- EELF loggers -->
- <!-- ============================================================================ -->
- <logger additivity="false" level="info" name="com.att.eelf.audit">
- <appender-ref ref="asyncEELFAudit" />
- </logger>
- <logger additivity="false" level="info" name="com.att.eelf.metrics">
- <appender-ref ref="asyncEELFMetrics" />
- </logger>
- <logger additivity="false" level="info" name="com.att.eelf.error">
- <appender-ref ref="asyncEELFError" />
- </logger>
- <logger additivity="false" level="debug" name="com.att.eelf.debug">
- <appender-ref ref="asyncEELFDebug" />
- </logger>
- <root level="INFO">
- <appender-ref ref="asyncEELFDebug" />
- </root>
-</configuration>
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# configs component installation configuration parameters
-
-# tomcat specific parameters
-
-TOMCAT_JMX_PORT=9993
-TOMCAT_SHUTDOWN_PORT=8090
-SSL_HTTP_CONNECTOR_PORT=8443
-SSL_HTTP_CONNECTOR_REDIRECT_PORT=8443
-SSL_AJP_CONNECTOR_PORT=8383
-SSL_AJP_CONNECTOR_REDIRECT_PORT=8443
-
-TOMCAT_X_MS_MB=2048
-TOMCAT_X_MX_MB=2048
-
-# ------------------ console properties ---------------------------
-
-#
-# Authorization Policy
-
-ROOT_POLICIES=admin
-ADMIN_FILE=Policy-Admin.xml
-
-
-# Set your domain here:
-
-REST_ADMIN_DOMAIN=com
-
-#
-# Location where the GIT repository is located
-#
-REST_ADMIN_REPOSITORY=repository
-
-#
-# Location where all the user workspaces are located.
-#
-REST_ADMIN_WORKSPACE=/opt/app/policy/servers/console/bin/workspace
-
-#
-# These can be set so the Admin Console knows who is logged on. Ideally, you can run the console in a J2EE
-# container and setup authentication as you please. Setting HttpSession attribute values will override these
-# values set in the properties files.
-#
-# ((HttpServletRequest) request).getSession().setAttribute("xacml.rest.admin.user.name", "Homer");
-#
-# The default policy: Policy-Admin.xml is extremely simple.
-#
-# You can test authorization within the Admin Console by changing the user id.
-# There are 3 supported user ids:
-# guest - Read only access
-# editor - Read/Write access
-# admin - Read/Write/Admin access
-#
-# An empty or null value for xacml.rest.admin.user.id results in no access to the application at all.
-#
-# This is for development/demonstration purposes only. A production environment should provide authentication which is
-# outside the scope of this application. This application can be used to develop a XACML policy for user authorization
-# within this application.
-#
-
-REST_ADMIN_USER_NAME=Administrator
-REST_ADMIN_USER_ID=super-admin
-
-#
-#
-# Property to declare the max time frame for logs.
-#
-LOG_TIMEFRAME=30
-
-# Property to declare the number of visible rows for users in MicroService Policy
-COLUMN_COUNT=3
-
-# Dashboard refresh rate in miliseconds
-REFRESH_RATE=40000
-
-#
-# URL location for the PAP servlet.
-#
-
-
-REST_PAP_URL=https://{{.Values.global.pap.nameOverride}}:{{.Values.service.externalPort2}}/pap/
-
-#
-# Config/Action Properties location.
-#
-
-REST_CONFIG_HOME=/opt/app/policy/servers/pap/webapps/Config/
-REST_ACTION_HOME=/opt/app/policy/servers/pap/webapps/Action/
-REST_CONFIG_URL=https://{{.Values.global.pap.nameOverride}}:{{.Values.service.externalPort2}}/
-REST_CONFIG_WEBAPPS=/opt/app/policy/servers/pap/webapps/
-
-# PAP account information
-CONSOLE_PAP_HTTP_USER_ID=testpap
-CONSOLE_PAP_HTTP_PASSWORD=alpha123
-
-
-node_type=pap_admin
-resource_name=console_1
-
-# The (optional) period of time in seconds between executions of the integrity audit.
-# Value < 0 : Audit does not run (default value if property is not present = -1)
-# Value = 0 : Audit runs continuously
-# Value > 0 : The period of time in seconds between execution of the audit on a particular node
-integrity_audit_period_seconds=-1
-
-#Automatic Policy Distribution
-automatic_push=false
-
-#Diff of policies for Firewall feature
-FW_GETURL=
-FW_AUTHOURL=
-FW_PROXY=
-FW_PORT=
-
-#SMTP Server Details for Java Mail
-onap_smtp_host=
-onap_smtp_port=25
-onap_smtp_userName=
-onap_smtp_password=
-onap_smtp_emailExtension=
-onap_application_name=
-
-#-----------------------ONAP-PORTAL-Properties----------------------
-
-ONAP_REDIRECT_URL=https://portal.api.simpledemo.onap.org:30225/ONAPPORTAL/login.htm
-ONAP_REST_URL=https://portal-app:8443/ONAPPORTAL/auxapi
-ONAP_UEB_URL_LIST=
-ONAP_PORTAL_INBOX_NAME=
-ONAP_UEB_APP_KEY=ueb_key_5
-ONAP_UEB_APP_SECRET=ueb_key_5
-ONAP_UEB_APP_MAILBOX_NAME=
-APP_DISPLAY_NAME=ONAP Policy
-ONAP_SHARED_CONTEXT_REST_URL=http://portal-app.{{.Release.Namespace}}:8989/ONAPPORTAL/context
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# elasticsearch
-
-ELK_JMX_PORT=9995
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# mysql scripts component installation configuration parameters
-
-# Path to mysql bin
-MYSQL_BIN=/usr/local/mysql/bin
-
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#! /bin/bash
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# pap component installation configuration parameters
-
-# tomcat specific parameters
-
-TOMCAT_JMX_PORT=9990
-TOMCAT_SHUTDOWN_PORT=9405
-SSL_HTTP_CONNECTOR_PORT=9091
-SSL_AJP_CONNECTOR_PORT=8380
-SSL_AJP_CONNECTOR_REDIRECT_PORT=8443
-
-TOMCAT_X_MS_MB=1024
-TOMCAT_X_MX_MB=1024
-
-# pap properties
-
-PAP_PDPS=/opt/app/policy/servers/pap/bin/pdps
-PAP_URL=https://{{ include "common.servicename" . }}:{{.Values.service.externalPort2}}/pap/
-
-PAP_INITIATE_PDP=true
-PAP_HEARTBEAT_INTERVAL=10000
-PAP_HEARTBEAT_TIMEOUT=10000
-
-REST_ADMIN_DOMAIN=com
-REST_ADMIN_REPOSITORY=repository
-REST_ADMIN_WORKSPACE=workspace
-
-# PDP related properties
-PAP_PDP_URL=https://{{ include "common.release" . }}-{{ .Values.global.pdp.nameOverride }}-0.{{ .Values.global.pdp.nameOverride }}.{{ include "common.namespace" . }}.svc.cluster.local:{{ .Values.config.pdpPort }}/pdp/,testpdp,alpha123;https://{{ include "common.release" . }}-{{ .Values.global.pdp.nameOverride }}-1.{{ .Values.global.pdp.nameOverride }}.{{ include "common.namespace" . }}.svc.cluster.local:{{ .Values.config.pdpPort }}/pdp/,testpdp,alpha123;https://{{ include "common.release" . }}-{{ .Values.global.pdp.nameOverride }}-2.{{ .Values.global.pdp.nameOverride }}.{{ include "common.namespace" . }}.svc.cluster.local:{{ .Values.config.pdpPort }}/pdp/,testpdp,alpha123;https://{{ include "common.release" . }}-{{ .Values.global.pdp.nameOverride }}-3.{{ .Values.global.pdp.nameOverride }}.{{ include "common.namespace" . }}.svc.cluster.local:{{ .Values.config.pdpPort }}/pdp/
-PAP_PDP_HTTP_USER_ID=testpdp
-PAP_PDP_HTTP_PASSWORD=alpha123
-
-PAP_HTTP_USER_ID=testpap
-PAP_HTTP_PASSWORD=alpha123
-
-#new values added 10-21-2015
-PROP_PAP_TRANS_WAIT=500000
-PROP_PAP_TRANS_TIMEOUT=5000
-PROP_PAP_AUDIT_TIMEOUT=300000
-PROP_PAP_RUN_AUDIT_FLAG=true
-PROP_PAP_AUDIT_FLAG=true
-
-PROP_PAP_INCOMINGNOTIFICATION_TRIES=4
-
-
-node_type=pap
-resource_name=pap_1
-dependency_groups=paplp_1
-test_via_jmx=true
-
-# The (optional) period of time in seconds between executions of the integrity audit.
-# Value < 0 : Audit does not run (default value if property is not present = -1)
-# Value = 0 : Audit runs continuously
-# Value > 0 : The period of time in seconds between execution of the audit on a particular node
-integrity_audit_period_seconds=-1
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# JVM specific parameters
-LOGPARSER_JMX_PORT=9996
-LOGPARSER_X_MS_MB=1024
-LOGPARSER_X_MX_MB=1024
-
-SERVER=https://{{ include "common.servicename" . }}:{{.Values.service.externalPort2}}/pap/
-LOGPATH=/var/log/onap/policy/pap/pap-rest.log
-PARSERLOGPATH=/opt/app/policy/servers/paplp/bin/IntegrityMonitor.log
-
-node_type=logparser
-# the java property is RESOURCE_NAME (uppercase), but the conf parameter is lowercase
-resource_name=paplp_1
+++ /dev/null
-# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018, 2020 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-log-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/xacml-pap-rest/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-sdk-log-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/ep_sdk_app/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-pe-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/pe/*").AsConfig . | indent 2 }}
----
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-db-configmap
namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/db.sh").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `ls -1 *.conf`; do envsubst <${PFILE} >/config/${PFILE}; done"
- env:
- - name: JDBC_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- - name: JDBC_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- volumeMounts:
- - mountPath: /config-input
- name: pe
- - mountPath: /config
- name: pe-processed
- image: "{{ .Values.global.envsubstImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
- - command:
- - /root/ready.py
- args:
- - --container-name
- - {{ include "common.release" . }}-galera-config
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - command:
- - /bin/bash
- - ./do-start.sh
- - pap
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- ports:
- - containerPort: {{ .Values.service.externalPort }}
- - containerPort: {{ .Values.service.externalPort2 }}
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.externalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.externalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: PRELOAD_POLICIES
- value: "{{ .Values.config.preloadPolicies }}"
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /tmp/policy-install/config/pap-tweaks.sh
- name: pe-pap
- subPath: pap-tweaks.sh
- - mountPath: /tmp/policy-install/config/paplp.conf
- name: pe-pap
- subPath: paplp.conf
- - mountPath: /tmp/policy-install/config/pap.conf
- name: pe-pap
- subPath: pap.conf
- - mountPath: /tmp/policy-install/config/mysql.conf
- name: pe-pap
- subPath: mysql.conf
- - mountPath: /tmp/policy-install/config/elk.conf
- name: pe-pap
- subPath: elk.conf
- - mountPath: /tmp/policy-install/config/console.conf
- name: pe-pap
- subPath: console.conf
- - mountPath: /tmp/policy-install/config/base.conf
- name: pe-processed
- subPath: base.conf
- - mountPath: /tmp/policy-install/do-start.sh
- name: pe-scripts
- subPath: do-start.sh
- - mountPath: /var/log/onap
- name: policy-logs
- - mountPath: /tmp/policy-install/logback.xml
- name: policy-sdk-logback
- subPath: logback.xml
- - mountPath: /tmp/logback.xml
- name: policy-logback
- subPath: logback.xml
- lifecycle:
- postStart:
- exec:
- command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/opt/app/policy/servers/pap/webapps/pap/WEB-INF/classes/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; export SRC=/tmp/policy-install/logback.xml; export DST=/opt/app/policy/servers/console/webapps/onap/WEB-INF/classes/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
- - image: "{{ .Values.global.loggingRepository | default .Values.loggingRepository }}/{{ .Values.global.loggingImage | default .Values.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: filebeat-onap
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- name: filebeat-conf
- subPath: filebeat.yml
- - mountPath: /var/log/onap
- name: policy-logs
- - mountPath: /usr/share/filebeat/data
- name: policy-data-filebeat
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-filebeat-configmap
- - name: policy-logs
- emptyDir: {}
- - name: policy-data-filebeat
- emptyDir: {}
- - name: policy-logback
- configMap:
- name: {{ include "common.fullname" . }}-log-configmap
- - name: policy-sdk-logback
- configMap:
- name: {{ include "common.fullname" . }}-sdk-log-configmap
- - name: pe
- configMap:
- name: {{ include "common.release" . }}-pe-configmap
- defaultMode: 0755
- - name: pe-scripts
- configMap:
- name: {{ include "common.release" . }}-pe-scripts-configmap
- defaultMode: 0777
- - name: pe-pap
- configMap:
- name: {{ include "common.fullname" . }}-pe-configmap
- defaultMode: 0755
- - name: pe-processed
- emptyDir:
- medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
# Copyright © 2018 Amdocs, Bell Canada
+# Modifications Copyright © 2020 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: batch/v1
kind: Job
metadata:
- name: {{ include "common.release" . }}-galera-config
+ name: {{ include "common.release" . }}-policy-galera-config
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}-job
initContainers:
#This container checks that all galera instances are up before initializing it.
- name: {{ include "common.name" . }}-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
- --container-name
- {{ index .Values "mariadb-galera" "service" "name" }}
env:
apiVersion: v1
fieldPath: metadata.namespace
containers:
- - name: {{ include "common.release" . }}-galera-config
+ - name: {{ include "common.release" . }}-policy-galera-config
image: {{ .Values.mariadb_image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- name: MYSQL_PORT
value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}"
+ resources:
+{{ include "common.resources" . }}
restartPolicy: Never
volumes:
- name: {{ include "common.fullname" . }}-config
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2019 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }}
- - port: {{ .Values.service.externalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2020 AT&T
+# Modifications Copyright © 2018-2020 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Global configuration defaults.
#################################################################
global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- envsubstImage: dibi/envsubst
- ubuntuImage: ubuntu:16.04
- pdp:
- nameOverride: pdp
- pap:
- nameOverride: pap
- drools:
- nameOverride: drools
- brmwgw:
- nameOverride: brmsgw
- nexus:
- nameOverride: nexus
+ readinessImage: onap/oom/readiness:3.0.1
+ aafEnabled: true
mariadb:
# '&mariadbConfig' means we "store" the values for later use in the file
# with '*mariadbConfig' pointer.
password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
passwordPolicy: generate
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.6.4
-mariadb_image: library/mariadb:10
-pullPolicy: Always
-
-subChartsOnly:
- enabled: true
-
db: &dbSecretsHook
credsExternalSecret: *dbSecretName
-pap:
- nameOverride: pap
+policy-api:
+ enabled: true
db: *dbSecretsHook
-pdp:
- nameOverride: pdp
+policy-pap:
+ enabled: true
db: *dbSecretsHook
-drools:
- nameOverride: drools
+policy-xacml-pdp:
+ enabled: true
db: *dbSecretsHook
-brmsgw:
- nameOverride: brmsgw
+policy-apex-pdp:
+ enabled: true
db: *dbSecretsHook
-policy-api:
+policy-drools-pdp:
+ enabled: true
db: *dbSecretsHook
-policy-xacml-pdp:
+policy-distribution:
+ enabled: true
db: *dbSecretsHook
+policy-nexus:
+ enabled: false
-nexus:
- nameOverride: nexus
+#################################################################
+# DB configuration defaults.
+#################################################################
+
+repository: nexus3.onap.org:10001
+mariadb_image: library/mariadb:10
+pullPolicy: Always
+
+subChartsOnly:
+ enabled: true
# flag to enable debugging - application support required
debugEnabled: false
-# application configuration
-config:
- preloadPolicies: false
- pdpPort: 8081
-
# default number of instances
replicaCount: 1
initialDelaySeconds: 10
periodSeconds: 10
-service:
- type: NodePort
- name: pap
- portName: pap
- internalPort: 8443
- externalPort: 8443
- nodePort: 19
- internalPort2: 9091
- externalPort2: 9091
- nodePort2: 18
-
-ingress:
- enabled: false
- service:
- - baseaddr: "policy.api"
- name: "pap"
- port: 8443
- config:
- ssl: "redirect"
-
mariadb-galera:
# mariadb-galera.config and global.mariadb.config must be equals
config:
lower_case_table_names = 1
# Resource Limit flavor -By Default using small
+# Segregation for Different environment (small, large, or unlimited)
flavor: small
-# Segregation for Different environment (Small and Large)
resources:
small:
limits:
cpu: 1
memory: 4Gi
requests:
- cpu: 10m
+ cpu: 100m
memory: 1Gi
large:
limits:
cpu: 2
memory: 8Gi
requests:
- cpu: 20m
+ cpu: 200m
memory: 2Gi
unlimited: {}
+
#################################################################
global:
nodePortPrefix: 302
- repository: nexus3.onap.org:10001
+ readinessImage: onap/oom/readiness:3.0.1
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+ passwordPolicy: required
+ - uid: pdp-http-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.pdp.pdpCredsExternalSecret) . }}'
+ login: '{{ .Values.pdp.pdphttpuserid }}'
+ password: '{{ .Values.pdp.pdphttppassword }}'
+ passwordPolicy: required
+ - uid: pap-http-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.pap.papCredsExternalSecret) . }}'
+ login: '{{ .Values.pap.pdppappdphttpuserid }}'
+ password: '{{ .Values.pap.pdppappdphttppassword }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- message-router
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
global:
nodePortPrefix: 302
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
#################################################################
# Application configuration defaults.
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- pomba-search-data
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
- command:
global:
nodePortPrefix: 302
persistence: {}
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
# application image
repository: nexus3.onap.org:10001
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- pomba-elasticsearch
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
- args:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
persistence: {}
#################################################################
global:
nodePortPrefix: 302
repository: nexus3.onap.org:10001
-# readinessRepository: oomk8s
-# readinessImage: readiness-check:2.0.0
# loggingRepository: docker.elastic.co
# loggingImage: beats/filebeat:5.5.0
<root>
<appender-ref ref="asyncEELF" />
+ <appender-ref ref="STDOUT" />
<!-- <appender-ref ref="asyncEELFDebug" /> -->
</root>
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- pomba-elasticsearch
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
# Declare variables to be passed into your templates.
global: # global defaults
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
# application image
global:
nodePortPrefix: 302
repository: nexus3.onap.org:10001
-# readinessRepository: oomk8s
-# readinessImage: readiness-check:2.0.0
# loggingRepository: docker.elastic.co
# loggingImage: beats/filebeat:5.5.0
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
repository: nexus3.onap.org:10001
config:
logstashServiceName: log-ls
logstashPort: 5044
-
music.atomic.get = false
music.atomic.put = true
cassandra.host={{.Values.cassandra.service.name}}
-zookeeper.host={{.Values.zookeeper.service.name}}
cassandra.user={{.Values.cassandra.config.cassandraUsername}}
cassandra.password={{.Values.cassandra.config.cassandraPassword}}
spec:
initContainers:
- name: {{ include "common.name" . }}-job-completion
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- --job-name
- {{ include "common.release" . }}-portal-db-config
env:
tomcatDir: "/usr/local/tomcat"
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
#AAF service
config:
cassandraUsername: root
cassandraPassword: Aa123456
-zookeeper:
- service:
- name: portal-zookeeper
messageRouter:
service:
name: message-router
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
+ initContainers:
+ - name: volume-permissions
+ image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ command: ['sh', '-c', 'chmod -R 777 /var/lib/mysql']
+ volumeMounts:
+ - mountPath: /var/lib/mysql
+ name: mariadb-data
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
restartPolicy: Never
initContainers:
- name: {{ include "common.name" . }}-init-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ include "common.name" . }}
fieldPath: metadata.namespace
containers:
- name: {{ include "common.name" . }}-job
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.mariadbInitImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.mariadbInitImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: DB_HOST
- name: SQL_SRC_DIR
value: {{ .Values.config.sqlSourceDirectory }}
- name: {{ include "common.name" . }}-oom-update-job
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.mariadbInitImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.mariadbInitImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: DB_HOST
global: # global defaults
nodePortPrefix: 302
persistence: {}
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
-
+ readinessImage: onap/oom/readiness:3.0.1
+ busyBoxImage: busybox:1.30
+ busyBoxRepository: docker.io
# application image
repository: nexus3.onap.org:10001
pullPolicy: Always
-mariadbInitImage: "mariadb-client-init:3.0.0"
+mariadbInitImage: "oomk8s/mariadb-client-init:3.0.0"
# application configuration
config:
music.atomic.put = true
cassandra.host={{.Values.cassandra.service.name}}
-zookeeper.host={{.Values.zookeeper.service.name}}
cassandra.user={{.Values.cassandra.config.cassandraUsername}}
cassandra.password={{.Values.cassandra.config.cassandraPassword}}
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- "portal-db"
env:
tomcatDir: "/usr/local/tomcat"
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
persistence: {}
config:
cassandraUsername: root
cassandraPassword: Aa123456
-zookeeper:
- service:
- name: portal-zookeeper
messageRouter:
service:
name: message-router
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- "portal-db"
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
ubuntuInit: ubuntu-init:1.0.0
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: Zookeeper for ONAP Portal
-name: portal-zookeeper
-version: 6.0.0
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.externalPort }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- {{- end}}
- name: {{ .Values.service.portName }}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Default values for mariadb.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-global: # global defaults
- nodePortPrefix: 302
- persistence: {}
-
-
-# application image
-repository: nexus3.onap.org:10001
-image: zookeeper:3.4
-pullPolicy: Always
-
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: portal-zookeeper
- portName: portal-zk
- externalPort: 2181
- internalPort: 2181
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 100m
- memory: 200Mi
- requests:
- cpu: 1m
- memory: 80Mi
- large:
- limits:
- cpu: 1
- memory: 1Gi
- requests:
- cpu: 500m
- memory: 600Mi
- unlimited: {}
- name: portal-widget
version: ~6.x-0
repository: 'file://components/portal-widget'
- - name: portal-zookeeper
- version: ~6.x-0
- repository: 'file://components/portal-zookeeper'
config:
cassandraUsername: root
cassandraPassword: Aa123456
-zookeeper:
- service:
- name: portal-zookeeper
messageRouter:
service:
name: message-router
ingress:
- enabled: false
\ No newline at end of file
+ enabled: false
+++ /dev/null
-# Eclipse
-.classpath
-.factorypath
-.project
-.pydevproject
-.settings/
-
-# IntelliJ
-.idea/*
-*.iml
-
-# Mac OS
-*DS_Store*
-
-/target
\ No newline at end of file
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- labels:
- app: healthy
- version: 1.0.0
- name: healthy
-spec:
- selector:
- matchLabels:
- app: healthy
- version: 1.0.0
- template:
- metadata:
- labels:
- app: healthy
- version: 1.0.0
- name: healthy
- spec:
- containers:
- - args:
- - --container-name
- - hbase
- command:
- - /root/ready.py
- image: oomk8s/readiness-check:2.0.0
- imagePullPolicy: Always
- name: healthy
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
+++ /dev/null
-<!--
-
- ============LICENSE_START=======================================================
- org.onap.aai
- ================================================================================
- Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
- ================================================================================
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- ============LICENSE_END=========================================================
-
--->
-<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <parent>
- <groupId>org.onap.oparent</groupId>
- <artifactId>oparent</artifactId>
- <version>2.0.0</version>
- </parent>
-
- <groupId>org.onap.oom.readiness.check</groupId>
- <artifactId>readiness-check-docker</artifactId>
- <version>2.2.1-SNAPSHOT</version>
- <packaging>pom</packaging>
- <name>oom-readiness-check-image</name>
- <description>Contains dockerfiles and scrtipts for readiness-ckeck image.</description>
-
- <properties>
- <docker.fabric.version>0.31.0</docker.fabric.version>
- <oom.docker.namespace>onap</oom.docker.namespace>
- </properties>
-
- <build>
- <plugins>
- <plugin>
- <groupId>io.fabric8</groupId>
- <artifactId>docker-maven-plugin</artifactId>
- <version>${docker.fabric.version}</version>
- <configuration>
- <verbose>true</verbose>
- <apiVersion>1.23</apiVersion>
- <images>
- <image>
- <name>${docker.push.registry}/${oom.docker.namespace}/readiness-check:%l</name>
- <build>
- <filter>@</filter>
- <assembly>
- <mode>dir</mode>
- <inline xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2" xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2 http://maven.apache.org/xsd/assembly-1.1.2.xsd">
- <fileSets>
- <fileSet>
- <directory>${project.basedir}/src/main/scripts</directory>
- <outputDirectory>/</outputDirectory>
- <includes>
- <include>**/*</include>
- </includes>
- </fileSet>
- </fileSets>
- </inline>
- </assembly>
- <tags>
- <tag>latest</tag>
- <tag>latest-${project.version}</tag>
- </tags>
- <cleanup>try</cleanup>
- <dockerFileDir>${project.basedir}/src/main/docker</dockerFileDir>
- </build>
- </image>
- </images>
- </configuration>
- <executions>
- <execution>
- <id>clean-images</id>
- <phase>pre-clean</phase>
- <goals>
- <goal>remove</goal>
- </goals>
- <configuration>
- <removeAll>true</removeAll>
- </configuration>
- </execution>
- <execution>
- <id>generate-images</id>
- <phase>package</phase>
- <goals>
- <goal>build</goal>
- </goals>
- </execution>
- <execution>
- <id>push-images</id>
- <phase>deploy</phase>
- <goals>
- <goal>push</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- </plugins>
- </build>
-</project>
\ No newline at end of file
+++ /dev/null
-FROM python:3-alpine3.9
-
-ENV no_proxy "localhost,127.0.0.1,.cluster.local,$KUBERNETES_SERVICE_HOST"
-# Setup Corporate proxy
-ENV https_proxy ${HTTPS_PROXY}
-ENV http_proxy ${HTTP_PROXY}
-
-RUN pip install requests pyyaml kubernetes
-
-ENV CERT="/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
-ENV TOKEN="/var/run/secrets/kubernetes.io/serviceaccount/token"
-
-COPY maven/ /root/
-RUN chmod -R a+x /root/
-
-ENTRYPOINT ["/root/ready.py"]
-CMD [""]
\ No newline at end of file
+++ /dev/null
-#!/usr/bin/env python
-import getopt
-import logging
-import os
-import sys
-import time
-import random
-
-from kubernetes import client
-
-# extract env variables.
-namespace = os.environ['NAMESPACE']
-cert = os.environ['CERT']
-host = os.environ['KUBERNETES_SERVICE_HOST']
-token_path = os.environ['TOKEN']
-
-with open(token_path, 'r') as token_file:
- token = token_file.read().replace('\n', '')
-
-# setup logging
-log = logging.getLogger(__name__)
-handler = logging.StreamHandler(sys.stdout)
-formatter = logging.Formatter('%(asctime)s - %(levelname)s - %(message)s')
-handler.setFormatter(formatter)
-handler.setLevel(logging.INFO)
-log.addHandler(handler)
-log.setLevel(logging.INFO)
-
-configuration = client.Configuration()
-configuration.host = "https://" + host
-configuration.ssl_ca_cert = cert
-configuration.api_key['authorization'] = token
-configuration.api_key_prefix['authorization'] = 'Bearer'
-batchV1Api = client.BatchV1Api(client.ApiClient(configuration))
-
-
-def is_job_complete(job_name):
- complete = False
- log.info("Checking if " + job_name + " is complete")
- response = ""
- try:
- response = batchV1Api.read_namespaced_job_status(job_name, namespace)
- if response.status.succeeded == 1:
- job_status_type = response.status.conditions[0].type
- if job_status_type == "Complete":
- complete = True
- else:
- log.info(job_name + " is not complete")
- else:
- log.info(job_name + " has not succeeded yet")
- return complete
- except Exception as e:
- log.error("Exception when calling read_namespaced_job_status: %s\n" % e)
-
-
-DEF_TIMEOUT = 10
-DESCRIPTION = "Kubernetes container job complete check utility"
-USAGE = "Usage: job_complete.py [-t <timeout>] -j <job_name> " \
- "[-j <job_name> ...]\n" \
- "where\n" \
- "<timeout> - wait for container job complete timeout in min, " \
- "default is " + str(DEF_TIMEOUT) + "\n" \
- "<job_name> - name of the job to wait for\n"
-
-
-def main(argv):
- # args are a list of job names
- job_names = []
- timeout = DEF_TIMEOUT
- try:
- opts, args = getopt.getopt(argv, "hj:t:", ["job-name=",
- "timeout=",
- "help"])
- for opt, arg in opts:
- if opt in ("-h", "--help"):
- print("%s\n\n%s" % (DESCRIPTION, USAGE))
- sys.exit()
- elif opt in ("-j", "--job-name"):
- job_names.append(arg)
- elif opt in ("-t", "--timeout"):
- timeout = float(arg)
- except (getopt.GetoptError, ValueError) as e:
- print("Error parsing input parameters: %s\n" % e)
- print(USAGE)
- sys.exit(2)
- if job_names.__len__() == 0:
- print("Missing required input parameter(s)\n")
- print(USAGE)
- sys.exit(2)
-
- for job_name in job_names:
- timeout = time.time() + timeout * 60
- while True:
- complete = is_job_complete(job_name)
- if complete is True:
- break
- elif time.time() > timeout:
- log.warning("timed out waiting for '" + job_name +
- "' to be completed")
- exit(1)
- else:
- # spread in time potentially parallel execution in multiple
- # containers
- time.sleep(random.randint(5, 11))
-
-
-if __name__ == "__main__":
- main(sys.argv[1:])
+++ /dev/null
-#!/usr/bin/env python
-import getopt
-import logging
-import os
-import sys
-import time
-import random
-
-from kubernetes import client
-
-# extract env variables.
-namespace = os.environ['NAMESPACE']
-cert = os.environ['CERT']
-host = os.environ['KUBERNETES_SERVICE_HOST']
-token_path = os.environ['TOKEN']
-
-with open(token_path, 'r') as token_file:
- token = token_file.read().replace('\n', '')
-
-# setup logging
-log = logging.getLogger(__name__)
-handler = logging.StreamHandler(sys.stdout)
-formatter = logging.Formatter('%(asctime)s - %(levelname)s - %(message)s')
-handler.setFormatter(formatter)
-handler.setLevel(logging.INFO)
-log.addHandler(handler)
-log.setLevel(logging.INFO)
-
-configuration = client.Configuration()
-configuration.host = "https://" + host
-configuration.ssl_ca_cert = cert
-configuration.api_key['authorization'] = token
-configuration.api_key_prefix['authorization'] = 'Bearer'
-coreV1Api = client.CoreV1Api(client.ApiClient(configuration))
-api_instance = client.ExtensionsV1beta1Api(client.ApiClient(configuration))
-api = client.AppsV1beta1Api(client.ApiClient(configuration))
-batchV1Api = client.BatchV1Api(client.ApiClient(configuration))
-
-
-def is_job_complete(job_name):
- complete = False
- log.info("Checking if " + job_name + " is complete")
- try:
- response = batchV1Api.read_namespaced_job_status(job_name, namespace)
- if response.status.succeeded == 1:
- job_status_type = response.status.conditions[0].type
- if job_status_type == "Complete":
- complete = True
- log.info(job_name + " is complete")
- else:
- log.info(job_name + " is not complete")
- else:
- log.info(job_name + " has not succeeded yet")
- return complete
- except Exception as e:
- log.error("Exception when calling read_namespaced_job_status: %s\n" % e)
-
-
-def wait_for_statefulset_complete(statefulset_name):
- try:
- response = api.read_namespaced_stateful_set(statefulset_name, namespace)
- s = response.status
- if (s.replicas == response.spec.replicas and
- s.ready_replicas == response.spec.replicas and
- s.observed_generation == response.metadata.generation):
- log.info("Statefulset " + statefulset_name + " is ready")
- return True
- else:
- log.info("Statefulset " + statefulset_name + " is not ready")
- return False
- except Exception as e:
- log.error("Exception when waiting for Statefulset status: %s\n" % e)
-
-
-def wait_for_deployment_complete(deployment_name):
- try:
- response = api.read_namespaced_deployment(deployment_name, namespace)
- s = response.status
- if (s.unavailable_replicas is None and
- ( s.updated_replicas is None or s.updated_replicas == response.spec.replicas ) and
- s.replicas == response.spec.replicas and
- s.ready_replicas == response.spec.replicas and
- s.observed_generation == response.metadata.generation):
- log.info("Deployment " + deployment_name + " is ready")
- return True
- else:
- log.info("Deployment " + deployment_name + " is not ready")
- return False
- except Exception as e:
- log.error("Exception when waiting for deployment status: %s\n" % e)
-
-
-def wait_for_daemonset_complete(daemonset_name):
- try:
- response = api_instance.read_namespaced_daemon_set(daemonset_name, namespace)
- s = response.status
- if s.desired_number_scheduled == s.number_ready:
- log.info("DaemonSet: " + str(s.number_ready) + "/" + str(s.desired_number_scheduled) + " nodes ready --> " + daemonset_name + " is ready")
- return True
- else:
- log.info("DaemonSet: " + str(s.number_ready) + "/" + str(s.desired_number_scheduled) + " nodes ready --> " + daemonset_name + " is not ready")
- return False
- except Exception as e:
- log.error("Exception when waiting for DaemonSet status: %s\n" % e)
-
-
-def is_ready(container_name):
- ready = False
- log.info("Checking if " + container_name + " is ready")
- try:
- response = coreV1Api.list_namespaced_pod(namespace=namespace,
- watch=False)
- for i in response.items:
- # container_statuses can be None, which is non-iterable.
- if i.status.container_statuses is None:
- continue
- for s in i.status.container_statuses:
- if s.name == container_name:
- name = read_name(i)
- if i.metadata.owner_references[0].kind == "StatefulSet":
- ready = wait_for_statefulset_complete(name)
- elif i.metadata.owner_references[0].kind == "ReplicaSet":
- deployment_name = get_deployment_name(name)
- ready = wait_for_deployment_complete(deployment_name)
- elif i.metadata.owner_references[0].kind == "Job":
- ready = is_job_complete(name)
- elif i.metadata.owner_references[0].kind == "DaemonSet":
- ready = wait_for_daemonset_complete(i.metadata.owner_references[0].name)
-
- return ready
-
- else:
- continue
- return ready
- except Exception as e:
- log.error("Exception when calling list_namespaced_pod: %s\n" % e)
-
-
-def read_name(item):
- return item.metadata.owner_references[0].name
-
-
-def get_deployment_name(replicaset):
- api_response = api_instance.read_namespaced_replica_set_status(replicaset,
- namespace)
- deployment_name = read_name(api_response)
- return deployment_name
-
-
-DEF_TIMEOUT = 10
-DESCRIPTION = "Kubernetes container readiness check utility"
-USAGE = "Usage: ready.py [-t <timeout>] -c <container_name> " \
- "[-c <container_name> ...]\n" \
- "where\n" \
- "<timeout> - wait for container readiness timeout in min, " \
- "default is " + str(DEF_TIMEOUT) + "\n" \
- "<container_name> - name of the container to wait for\n"
-
-
-def main(argv):
- # args are a list of container names
- container_names = []
- timeout = DEF_TIMEOUT
- try:
- opts, args = getopt.getopt(argv, "hc:t:", ["container-name=",
- "timeout=",
- "help"])
- for opt, arg in opts:
- if opt in ("-h", "--help"):
- print("%s\n\n%s" % (DESCRIPTION, USAGE))
- sys.exit()
- elif opt in ("-c", "--container-name"):
- container_names.append(arg)
- elif opt in ("-t", "--timeout"):
- timeout = float(arg)
- except (getopt.GetoptError, ValueError) as e:
- print("Error parsing input parameters: %s\n" % e)
- print(USAGE)
- sys.exit(2)
- if container_names.__len__() == 0:
- print("Missing required input parameter(s)\n")
- print(USAGE)
- sys.exit(2)
-
- for container_name in container_names:
- timeout = time.time() + timeout * 60
- while True:
- ready = is_ready(container_name)
- if ready is True:
- break
- elif time.time() > timeout:
- log.warning("timed out waiting for '" + container_name +
- "' to be ready")
- exit(1)
- else:
- # spread in time potentially parallel execution in multiple
- # containers
- time.sleep(random.randint(5, 11))
-
-
-if __name__ == "__main__":
- main(sys.argv[1:])
-
-Subproject commit ad58ed92bd7c5cc7d51c09b405a99fd360ff5268
+Subproject commit b093c77b4faa2c4f0bfc67e481f724b6d67c7229
--- /dev/null
+# Copyright © 2020 Samsung Electronics, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @helm repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP SDC DCAE Backend client of TOSCALAB and SDC
-name: sdc-dcae-be
-version: 6.0.0
+++ /dev/null
-<?xml version="1.0" encoding="utf-8"?>\r
-<!--\r
-================================================================================\r
-Copyright (C) 2018 AT&T Intellectual Property\r
-================================================================================\r
-Licensed under the Apache License, Version 2.0 (the "License");\r
-you may not use this file except in compliance with the License.\r
-You may obtain a copy of the License at\r
-\r
- http://www.apache.org/licenses/LICENSE-2.0\r
-\r
-Unless required by applicable law or agreed to in writing, software\r
-distributed under the License is distributed on an "AS IS" BASIS,\r
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-See the License for the specific language governing permissions and\r
-limitations under the License.\r
-================================================================================\r
--->\r
-\r
-<configuration scan="true" scanPeriod="3 seconds">\r
- <property name="logDir" value="/var/log/onap" />\r
- <property name="componentName" scope="system" value="sdc"></property>\r
- <property name="subComponentName" scope="system" value="dcae-be"></property>\r
- <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />\r
- <property file="${config.home}/dcae-be/configuration.yaml" />\r
- <property name="enable-all-log" scope="context" value="false" />\r
- <!-- log file names -->\r
- <property name="errorLogName" value="error" />\r
- <property name="metricsLogName" value="metrics" />\r
- <property name="auditLogName" value="audit" />\r
- <property name="debugLogName" value="debug" />\r
- <property name="transactionLogName" value="transaction" />\r
- <property name="allLogName" value="all" />\r
- <property name="queueSize" value="256" />\r
- <property name="maxFileSize" value="50MB" />\r
- <property name="maxHistory" value="30" />\r
- <property name="totalSizeCap" value="10GB" />\r
- <property name="pattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />\r
- <!-- All log -->\r
- <if condition='property("enable-all-log").equalsIgnoreCase("true")'>\r
- <then>\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ALL_ROLLING">\r
- <file>${logDirectory}/${allLogName}.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${allLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ALL">\r
- <appender-ref ref="ALL_ROLLING" />\r
- </appender>\r
- </then>\r
- </if>\r
- <!-- Error log -->\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ERROR_ROLLING">\r
- <file>${logDirectory}/${errorLogName}.log</file>\r
- <!-- Audit messages filter - deny audit messages -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>AUDIT_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>NEUTRAL</onMismatch>\r
- <onMatch>DENY</onMatch>\r
- </filter>\r
- <!-- Transaction messages filter - deny Transaction messages -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>TRANSACTION_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>NEUTRAL</onMismatch>\r
- <onMatch>DENY</onMatch>\r
- </filter>\r
- <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->\r
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">\r
- <level>INFO</level>\r
- </filter>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <!-- Debug log -->\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="DEBUG_ROLLING">\r
- <file>${logDirectory}/${debugLogName}.log</file>\r
- <!-- No need to deny audit messages - they are INFO only, will be denied\r
- anyway -->\r
- <!-- Transaction messages filter - deny Transaction messages, there are\r
- some DEBUG level messages among them -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>TRANSACTION_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>NEUTRAL</onMismatch>\r
- <onMatch>DENY</onMatch>\r
- </filter>\r
- <!-- accept DEBUG and TRACE level -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.GEventEvaluator">\r
- <expression>e.level.toInt() <= DEBUG.toInt()</expression>\r
- </evaluator>\r
- <OnMismatch>DENY</OnMismatch>\r
- <OnMatch>NEUTRAL</OnMatch>\r
- </filter>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <!-- Audit log -->\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="AUDIT_ROLLING">\r
- <file>${logDirectory}/${auditLogName}.log</file>\r
- <!-- Audit messages filter - accept audit messages -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>AUDIT_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>DENY</onMismatch>\r
- <onMatch>ACCEPT</onMatch>\r
- </filter>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <!-- SdncTransaction log -->\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="TRANSACTION_ROLLING">\r
- <file>${logDirectory}/${transactionLogName}.log</file>\r
- <!-- Transaction messages filter - accept audit messages -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>TRANSACTION_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>DENY</onMismatch>\r
- <onMatch>ACCEPT</onMatch>\r
- </filter>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${transactionLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <!-- Asynchronicity Configurations -->\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_DEBUG">\r
- <queueSize>${queueSize}</queueSize>\r
- <appender-ref ref="DEBUG_ROLLING" />\r
- </appender>\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_TRANSACTION">\r
- <queueSize>${queueSize}</queueSize>\r
- <appender-ref ref="TRANSACTION_ROLLING" />\r
- </appender>\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ERROR">\r
- <queueSize>${queueSize}</queueSize>\r
- <appender-ref ref="ERROR_ROLLING" />\r
- </appender>\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_AUDIT">\r
- <queueSize>${queueSize}</queueSize>\r
- <appender-ref ref="AUDIT_ROLLING" />\r
- </appender>\r
- <root level="INFO">\r
- <appender-ref ref="ASYNC_ERROR" />\r
- <appender-ref ref="ASYNC_DEBUG" />\r
- <appender-ref ref="ASYNC_AUDIT" />\r
- <appender-ref ref="ASYNC_TRANSACTION" />\r
- <if condition='property("enable-all-log").equalsIgnoreCase("true")'>\r
- <then>\r
- <appender-ref ref="ALL_ROLLING" />\r
- </then>\r
- </if>\r
- </root>\r
- <logger level="INFO" name="org.openecomp.sdc" />\r
-</configuration>\r
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-logging-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /root/ready.py
- args:
- - --container-name
- - "sdc-be"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- - name: {{ include "common.name" . }}-job-completion
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
- command:
- - /root/job_complete.py
- args:
- - --job-name
- - {{ include "common.release" . }}-sdc-be-config-backend
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: {{ include "common.name" . }}-update-config
- image: "{{ .Values.global.envsubstImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
- env:
- - name: KEYSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: keystore_password
- - name: TRUSTSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: truststore_password
- volumeMounts:
- - name: {{ include "common.fullname" . }}-environments
- mountPath: /config-input/
- - name: sdc-environments-output
- mountPath: /config-output/
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
- {{ if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort2 }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- httpGet:
- path: /dcae/conf/composition
- port: {{ .Values.service.internalPort2 }}
- scheme: HTTPS
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: ENVNAME
- value: {{ .Values.global.env.name }}
- - name: JAVA_OPTIONS
- value: {{ .Values.config.javaOptions }}
- - name: HOST_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- volumeMounts:
- - name: sdc-environments-output
- mountPath: /var/lib/jetty/chef-solo/environments/
- - name: sdc-cert
- mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.p12
- subPath: org.onap.sdc.p12
- - name: sdc-cert
- mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.trust.jks
- subPath: org.onap.sdc.trust.jks
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/lib/jetty/logs
- - name: {{ include "common.fullname" . }}-logback
- mountPath: /tmp/logback.xml
- subPath: logback.xml
- lifecycle:
- postStart:
- exec:
- command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/dcae-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
-
- # side car containers
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- - name: sdc-cert
- secret:
- secretName: sdc-cert
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-sdc-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logback
- configMap:
- name : {{ include "common.fullname" . }}-logging-configmap
- - name: {{ include "common.fullname" . }}-environments
- configMap:
- name: {{ include "common.release" . }}-sdc-environments-configmap
- defaultMode: 0755
- - name: sdc-environments-output
- emptyDir: { medium: "Memory" }
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ include "common.fullname" . }}-tools
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}-job
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- backoffLimit: 20
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}-job
- release: {{ include "common.release" . }}
- spec:
- restartPolicy: Never
- initContainers:
- - name: {{ include "common.name" . }}-init-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /root/ready.py
- args:
- - --container-name
- - {{ include "common.name" . }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- containers:
- - name: {{ include "common.name" . }}-job
- image: {{ include "common.repository" . }}/{{ .Values.backendInitImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-environments
- mountPath: /var/lib/jetty/chef-solo/environments
- env:
- - name: ENVNAME
- value: {{ .Values.global.env.name }}
- - name: HOST_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- volumes:
- - name: {{ include "common.fullname" . }}-environments
- configMap:
- name: {{ include "common.release" . }}-sdc-environments-configmap
- defaultMode: 0755
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- restartPolicy: Never
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "sdc-dcae-be",
- "version": "v1",
- "url": "/dcae",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort2 }}",
- "visualRange": "1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName2 }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName2 }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/dcae-be:1.3.4
-pullPolicy: Always
-backendInitImage: onap/dcae-tools:1.3.4
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-config:
- javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-be/logback-spring.xml
- cassandraSslEnabled: "false"
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 240
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: false
-
-readiness:
- initialDelaySeconds: 240
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: sdc-dcae-be
- portName: sdc-dcae-be-8082
- externalPort: 8082
- internalPort: 8082
- portName2: sdc-dcae-be-8444
- externalPort2: 8444
- internalPort2: 8444
-
-ingress:
- enabled: false
- service:
- - baseaddr: "sdc.dcae.plugin"
- name: "sdc-dcae-be"
- port: 8282
- config:
- ssl: "none"
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 8Gi
- requests:
- cpu: 20m
- memory: 2Gi
- unlimited: {}
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP DCAE desiner composition tool for creating customized templates
-name: sdc-dcae-dt
-version: 6.0.0
+++ /dev/null
-<?xml version="1.0" encoding="utf-8"?>\r
-<!--\r
-================================================================================\r
-Copyright (C) 2018 AT&T Intellectual Property\r
-================================================================================\r
-Licensed under the Apache License, Version 2.0 (the "License");\r
-you may not use this file except in compliance with the License.\r
-You may obtain a copy of the License at\r
-\r
- http://www.apache.org/licenses/LICENSE-2.0\r
-\r
-Unless required by applicable law or agreed to in writing, software\r
-distributed under the License is distributed on an "AS IS" BASIS,\r
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-See the License for the specific language governing permissions and\r
-limitations under the License.\r
-================================================================================\r
--->\r
-\r
-<configuration scan="true" scanPeriod="3 seconds">\r
- <property name="logDir" value="/var/log/onap" />\r
- <property name="componentName" scope="system" value="sdc"></property>\r
- <property name="subComponentName" scope="system" value="dcae-dt"></property>\r
- <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />\r
- <property file="${config.home}/dcae-dt/configuration.yaml" />\r
- <property name="enable-all-log" scope="context" value="false" />\r
- <!-- log file names -->\r
- <property name="errorLogName" value="error" />\r
- <property name="metricsLogName" value="metrics" />\r
- <property name="auditLogName" value="audit" />\r
- <property name="debugLogName" value="debug" />\r
- <property name="transactionLogName" value="transaction" />\r
- <property name="allLogName" value="all" />\r
- <property name="queueSize" value="256" />\r
- <property name="maxFileSize" value="50MB" />\r
- <property name="maxHistory" value="30" />\r
- <property name="totalSizeCap" value="10GB" />\r
- <property name="pattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />\r
- <!-- All log -->\r
- <if condition='property("enable-all-log").equalsIgnoreCase("true")'>\r
- <then>\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ALL_ROLLING">\r
- <file>${logDirectory}/${allLogName}.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${allLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ALL">\r
- <appender-ref ref="ALL_ROLLING" />\r
- </appender>\r
- </then>\r
- </if>\r
- <!-- Error log -->\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ERROR_ROLLING">\r
- <file>${logDirectory}/${errorLogName}.log</file>\r
- <!-- Audit messages filter - deny audit messages -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>AUDIT_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>NEUTRAL</onMismatch>\r
- <onMatch>DENY</onMatch>\r
- </filter>\r
- <!-- Transaction messages filter - deny Transaction messages -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>TRANSACTION_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>NEUTRAL</onMismatch>\r
- <onMatch>DENY</onMatch>\r
- </filter>\r
- <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->\r
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">\r
- <level>INFO</level>\r
- </filter>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <!-- Debug log -->\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="DEBUG_ROLLING">\r
- <file>${logDirectory}/${debugLogName}.log</file>\r
- <!-- No need to deny audit messages - they are INFO only, will be denied\r
- anyway -->\r
- <!-- Transaction messages filter - deny Transaction messages, there are\r
- some DEBUG level messages among them -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>TRANSACTION_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>NEUTRAL</onMismatch>\r
- <onMatch>DENY</onMatch>\r
- </filter>\r
- <!-- accept DEBUG and TRACE level -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.GEventEvaluator">\r
- <expression>e.level.toInt() <= DEBUG.toInt()</expression>\r
- </evaluator>\r
- <OnMismatch>DENY</OnMismatch>\r
- <OnMatch>NEUTRAL</OnMatch>\r
- </filter>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <!-- Audit log -->\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="AUDIT_ROLLING">\r
- <file>${logDirectory}/${auditLogName}.log</file>\r
- <!-- Audit messages filter - accept audit messages -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>AUDIT_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>DENY</onMismatch>\r
- <onMatch>ACCEPT</onMatch>\r
- </filter>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <!-- SdncTransaction log -->\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="TRANSACTION_ROLLING">\r
- <file>${logDirectory}/${transactionLogName}.log</file>\r
- <!-- Transaction messages filter - accept audit messages -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>TRANSACTION_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>DENY</onMismatch>\r
- <onMatch>ACCEPT</onMatch>\r
- </filter>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${transactionLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <!-- Asynchronicity Configurations -->\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_DEBUG">\r
- <queueSize>${queueSize}</queueSize>\r
- <appender-ref ref="DEBUG_ROLLING" />\r
- </appender>\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_TRANSACTION">\r
- <queueSize>${queueSize}</queueSize>\r
- <appender-ref ref="TRANSACTION_ROLLING" />\r
- </appender>\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ERROR">\r
- <queueSize>${queueSize}</queueSize>\r
- <appender-ref ref="ERROR_ROLLING" />\r
- </appender>\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_AUDIT">\r
- <queueSize>${queueSize}</queueSize>\r
- <appender-ref ref="AUDIT_ROLLING" />\r
- </appender>\r
- <root level="INFO">\r
- <appender-ref ref="ASYNC_ERROR" />\r
- <appender-ref ref="ASYNC_DEBUG" />\r
- <appender-ref ref="ASYNC_AUDIT" />\r
- <appender-ref ref="ASYNC_TRANSACTION" />\r
- <if condition='property("enable-all-log").equalsIgnoreCase("true")'>\r
- <then>\r
- <appender-ref ref="ALL_ROLLING" />\r
- </then>\r
- </if>\r
- </root>\r
- <logger level="INFO" name="org.openecomp.sdc" />\r
-</configuration>\r
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.fullname" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-logging-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /root/ready.py
- args:
- - --container-name
- - sdc-dcae-be
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- - name: {{ include "common.name" . }}-job-completion
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
- command:
- - /root/job_complete.py
- args:
- - --job-name
- - {{ include "common.release" . }}-sdc-dcae-be-tools
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: {{ include "common.name" . }}-update-config
- image: "{{ .Values.global.envsubstImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
- env:
- - name: KEYSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: keystore_password
- - name: TRUSTSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: truststore_password
- volumeMounts:
- - name: {{ include "common.fullname" . }}-environments
- mountPath: /config-input/
- - name: sdc-environments-output
- mountPath: /config-output/
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- {{ if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- httpGet:
- path: /dcae/healthCheckOld
- port: {{ .Values.service.internalPort }}
- scheme: HTTPS
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: ENVNAME
- value: {{ .Values.global.env.name }}
- - name: JAVA_OPTIONS
- value: {{ .Values.config.javaOptions }}
- - name: HOST_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- volumeMounts:
- - name: sdc-environments-output
- mountPath: /var/lib/jetty/chef-solo/environments/
- - name: sdc-cert
- mountPath: /var/lib/jetty/chef-solo/cookbooks/dcae-dt/files/default/org.onap.sdc.p12
- subPath: org.onap.sdc.p12
- - name: sdc-cert
- mountPath: /var/lib/jetty/chef-solo/cookbooks/dcae-dt/files/default/org.onap.sdc.trust.jks
- subPath: org.onap.sdc.trust.jks
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/lib/jetty/logs
- - name: {{ include "common.fullname" . }}-logback
- mountPath: /tmp/logback.xml
- subPath: logback.xml
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
-
- # side car containers
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- - name: sdc-cert
- secret:
- secretName: sdc-cert
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-sdc-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logback
- configMap:
- name : {{ include "common.fullname" . }}-logging-configmap
- - name: {{ include "common.fullname" . }}-environments
- configMap:
- name: {{ include "common.release" . }}-sdc-environments-configmap
- defaultMode: 0755
- - name: sdc-environments-output
- emptyDir: { medium: "Memory" }
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "sdc-dcae-dt",
- "version": "v1",
- "url": "/dcae",
- "protocol": "UI",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange": "0|1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/dcae-dt:1.3.4
-pullPolicy: IfNotPresent
-config:
- javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-dt/logback-spring.xml
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- enabled: false
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: NodePort
- name: sdc-dcae-dt
- portName: dcae-dt
- nodePort: "66"
- internalPort: 9446
-
-ingress:
- enabled: false
- service:
- - baseaddr: "dcaedt"
- name: "sdc-dcae-dt"
- port: 9446
- config:
- ssl: "redirect"
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 8Gi
- requests:
- cpu: 20m
- memory: 2Gi
- unlimited: {}
+++ /dev/null
-# Copyright © 2013 Amdocs, AT&T,Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP SDC DCAE UI for service monitoring and MC create and configure
-name: sdc-dcae-fe
-version: 6.0.0
+++ /dev/null
-<?xml version="1.0" encoding="utf-8"?>\r
-<!--\r
-================================================================================\r
-Copyright (C) 2018 AT&T Intellectual Property\r
-================================================================================\r
-Licensed under the Apache License, Version 2.0 (the "License");\r
-you may not use this file except in compliance with the License.\r
-You may obtain a copy of the License at\r
-\r
- http://www.apache.org/licenses/LICENSE-2.0\r
-\r
-Unless required by applicable law or agreed to in writing, software\r
-distributed under the License is distributed on an "AS IS" BASIS,\r
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-See the License for the specific language governing permissions and\r
-limitations under the License.\r
-================================================================================\r
--->\r
-<configuration scan="true" scanPeriod="3 seconds">\r
- <property name="logDir" value="/var/log/onap" />\r
- <property name="componentName" scope="system" value="sdc"></property>\r
- <property name="subComponentName" scope="system" value="dcae-fe"></property>\r
- <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />\r
- <property file="${config.home}/dcae-fe/configuration.yaml" />\r
- <property name="enable-all-log" scope="context" value="false" />\r
- <!-- log file names -->\r
- <property name="errorLogName" value="error" />\r
- <property name="metricsLogName" value="metrics" />\r
- <property name="auditLogName" value="audit" />\r
- <property name="debugLogName" value="debug" />\r
- <property name="transactionLogName" value="transaction" />\r
- <property name="allLogName" value="all" />\r
- <property name="queueSize" value="256" />\r
- <property name="maxFileSize" value="50MB" />\r
- <property name="maxHistory" value="30" />\r
- <property name="totalSizeCap" value="10GB" />\r
- <property name="pattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />\r
- <!-- All log -->\r
- <if condition='property("enable-all-log").equalsIgnoreCase("true")'>\r
- <then>\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ALL_ROLLING">\r
- <file>${logDirectory}/${allLogName}.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${allLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ALL">\r
- <appender-ref ref="ALL_ROLLING" />\r
- </appender>\r
- </then>\r
- </if>\r
- <!-- Error log -->\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ERROR_ROLLING">\r
- <file>${logDirectory}/${errorLogName}.log</file>\r
- <!-- Audit messages filter - deny audit messages -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>AUDIT_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>NEUTRAL</onMismatch>\r
- <onMatch>DENY</onMatch>\r
- </filter>\r
- <!-- Transaction messages filter - deny Transaction messages -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>TRANSACTION_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>NEUTRAL</onMismatch>\r
- <onMatch>DENY</onMatch>\r
- </filter>\r
- <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->\r
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">\r
- <level>INFO</level>\r
- </filter>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <!-- Debug log -->\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="DEBUG_ROLLING">\r
- <file>${logDirectory}/${debugLogName}.log</file>\r
- <!-- No need to deny audit messages - they are INFO only, will be denied\r
- anyway -->\r
- <!-- Transaction messages filter - deny Transaction messages, there are\r
- some DEBUG level messages among them -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>TRANSACTION_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>NEUTRAL</onMismatch>\r
- <onMatch>DENY</onMatch>\r
- </filter>\r
- <!-- accept DEBUG and TRACE level -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.GEventEvaluator">\r
- <expression>e.level.toInt() <= DEBUG.toInt()</expression>\r
- </evaluator>\r
- <OnMismatch>DENY</OnMismatch>\r
- <OnMatch>NEUTRAL</OnMatch>\r
- </filter>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <!-- Audit log -->\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="AUDIT_ROLLING">\r
- <file>${logDirectory}/${auditLogName}.log</file>\r
- <!-- Audit messages filter - accept audit messages -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>AUDIT_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>DENY</onMismatch>\r
- <onMatch>ACCEPT</onMatch>\r
- </filter>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <!-- SdncTransaction log -->\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="TRANSACTION_ROLLING">\r
- <file>${logDirectory}/${transactionLogName}.log</file>\r
- <!-- Transaction messages filter - accept audit messages -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>TRANSACTION_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>DENY</onMismatch>\r
- <onMatch>ACCEPT</onMatch>\r
- </filter>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${transactionLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <!-- Asynchronicity Configurations -->\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_DEBUG">\r
- <queueSize>${queueSize}</queueSize>\r
- <appender-ref ref="DEBUG_ROLLING" />\r
- </appender>\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_TRANSACTION">\r
- <queueSize>${queueSize}</queueSize>\r
- <appender-ref ref="TRANSACTION_ROLLING" />\r
- </appender>\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ERROR">\r
- <queueSize>${queueSize}</queueSize>\r
- <appender-ref ref="ERROR_ROLLING" />\r
- </appender>\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_AUDIT">\r
- <queueSize>${queueSize}</queueSize>\r
- <appender-ref ref="AUDIT_ROLLING" />\r
- </appender>\r
- <root level="INFO">\r
- <appender-ref ref="ASYNC_ERROR" />\r
- <appender-ref ref="ASYNC_DEBUG" />\r
- <appender-ref ref="ASYNC_AUDIT" />\r
- <appender-ref ref="ASYNC_TRANSACTION" />\r
- <if condition='property("enable-all-log").equalsIgnoreCase("true")'>\r
- <then>\r
- <appender-ref ref="ALL_ROLLING" />\r
- </then>\r
- </if>\r
- </root>\r
- <logger level="INFO" name="org.openecomp.sdc" />\r
-</configuration>\r
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.fullname" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-logging-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /root/ready.py
- args:
- - --container-name
- - sdc-dcae-be
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- - name: {{ include "common.name" . }}-job-completion
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
- command:
- - /root/job_complete.py
- args:
- - --job-name
- - {{ include "common.release" . }}-sdc-dcae-be-tools
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: {{ include "common.name" . }}-update-config
- image: "{{ .Values.global.envsubstImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
- env:
- - name: KEYSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: keystore_password
- - name: TRUSTSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: truststore_password
- volumeMounts:
- - name: {{ include "common.fullname" . }}-environments
- mountPath: /config-input/
- - name: sdc-environments-output
- mountPath: /config-output/
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- {{ if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- httpGet:
- path: /dcaed/healthCheck
- port: {{ .Values.service.internalPort }}
- scheme: HTTPS
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: ENVNAME
- value: {{ .Values.global.env.name }}
- - name: JAVA_OPTIONS
- value: {{ .Values.config.javaOptions }}
- - name: HOST_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- volumeMounts:
- - name: sdc-environments-output
- mountPath: /var/lib/jetty/chef-solo/environments/
- - name: sdc-cert
- mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.p12
- subPath: org.onap.sdc.p12
- - name: sdc-cert
- mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.trust.jks
- subPath: org.onap.sdc.trust.jks
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/lib/jetty/logs
- - name: {{ include "common.fullname" . }}-logback
- mountPath: /tmp/logback.xml
- subPath: logback.xml
- lifecycle:
- postStart:
- exec:
- command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/dcae-fe/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
-
- # side car containers
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- - name: sdc-cert
- secret:
- secretName: sdc-cert
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-sdc-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logback
- configMap:
- name : {{ include "common.fullname" . }}-logging-configmap
- - name: {{ include "common.fullname" . }}-environments
- configMap:
- name: {{ include "common.release" . }}-sdc-environments-configmap
- defaultMode: 0755
- - name: sdc-environments-output
- emptyDir: { medium: "Memory" }
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "dcae-gui",
- "version": "v1",
- "url": "/dcae",
- "protocol": "UI",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange": "0|1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/dcae-fe:1.3.4
-pullPolicy: Always
-config:
- javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-fe/logback-spring.xml
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: false
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- #Example service definition with external, internal and node ports.
- #Services may use any combination of ports depending on the 'type' of
- #service being defined.
- type: NodePort
- name: sdc-dcae-fe
- portName: dcae-fe
- nodePort: "64"
- internalPort: 9444
-
-ingress:
- enabled: false
- service:
- - baseaddr: "dcaedt"
- name: "sdc-dcae-fe"
- port: 9444
- config:
- ssl: "redirect"
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 8Gi
- requests:
- cpu: 20m
- memory: 2Gi
- unlimited: {}
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP Tosca model for component monitoring and descriptors deployment
-name: sdc-dcae-tosca-lab
-version: 6.0.0
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /root/ready.py
- args:
- - --container-name
- - "sdc-dcae-be"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
- {{ if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort2 }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- httpGet:
- path: /healthcheck
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: ENVNAME
- value: {{ .Values.global.env.name }}
- - name: JAVA_OPTIONS
- value: {{ .Values.config.javaOptions }}
- - name: HOST_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- volumeMounts:
- - name: {{ include "common.fullname" . }}-environments
- mountPath: /var/lib/jetty/chef-solo/environments/
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- # side car containers
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-sdc-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-environments
- configMap:
- name: {{ include "common.release" . }}-sdc-environments-configmap
- defaultMode: 0755
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "dcae-be",
- "version": "v1",
- "url": "/dcae",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort2 }}",
- "visualRange": "1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName2 }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName2 }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/dcae-tosca-app:1.3.3
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-config:
- javaOptions: -XX:MaxPermSize=256m -Xmx1024m
- cassandraSslEnabled: "false"
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: false
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: sdc-dcae-tosca-lab
- portName: sdc-dcae-tosca-lab-8085
- externalPort: 8085
- internalPort: 8085
- portName2: sdc-dcae-tosca-lab-8445
- externalPort2: 8445
- internalPort2: 8445
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 8Gi
- requests:
- cpu: 20m
- memory: 2Gi
- unlimited: {}
+++ /dev/null
-pluginsList:
- - pluginId: DCAED
- pluginDiscoveryUrl: "{{ .Values.config.plugins.dcae_discovery_url }}"
- pluginSourceUrl: "{{ .Values.config.plugins.dcae_source_url }}"
- pluginStateUrl: "dcaed"
- pluginDisplayOptions:
- context:
- displayName: "Monitoring"
- displayContext: ["SERVICE"]
- displayRoles: ["DESIGNER"]
- - pluginId: DCAE-DS
- pluginDiscoveryUrl: "{{ .Values.config.plugins.dcae_dt_discovery_url }}"
- pluginSourceUrl: "{{ .Values.config.plugins.dcae_dt_source_url }}"
- pluginStateUrl: "dcae-ds"
- pluginDisplayOptions:
- tab:
- displayName: "DCAE-DS"
- displayRoles: ["DESIGNER"]
- - pluginId: WORKFLOW
- pluginDiscoveryUrl: "{{ .Values.config.plugins.workflow_discovery_url }}"
- pluginSourceUrl: "{{ .Values.config.plugins.workflow_source_url }}"
- pluginStateUrl: "workflowDesigner"
- pluginDisplayOptions:
- tab:
- displayName: "WORKFLOW"
- displayRoles: ["DESIGNER", "TESTER"]
-
-connectionTimeout: 1000
\ No newline at end of file
+++ /dev/null
-{{ include "common.ingress" . }}
+++ /dev/null
-# Patterns to ignore when building packages.\r
-# This supports shell glob matching, relative path matching, and\r
-# negation (prefixed with !). Only one pattern per line.\r
-.DS_Store\r
-# Common VCS dirs\r
-.git/\r
-.gitignore\r
-.bzr/\r
-.bzrignore\r
-.hg/\r
-.hgignore\r
-.svn/\r
-# Common backup files\r
-*.swp\r
-*.bak\r
-*.tmp\r
-*~\r
-# Various IDEs\r
-.project\r
-.idea/\r
-*.tmproj\r
+++ /dev/null
-{{/*
-# ================================================================================
-# Copyright (C) 2019, Nordix Foundation. All rights reserved.
-# ================================================================================
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{- if and .Values.persistence.enabled (not .Values.cert.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) -}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.cert.persistence.size}}
- accessModes:
- - {{ .Values.cert.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.cert.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" . }}-data"
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.cert.persistence.mountSubPath }}
-{{- end -}}
-{{- end -}}
+++ /dev/null
-{{/*
-# ================================================================================
-# Copyright (C) 2019, Nordix Foundation. All rights reserved.
-# ================================================================================
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{- if and .Values.cert.persistence.enabled (not .Values.cert.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-cert
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.cert.persistence.annotations }}
- annotations:
-{{ toYaml .Values.cert.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.cert.persistence.accessMode }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.cert.persistence.size }}
-{{- end -}}
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-{{ include "common.ingress" . }}
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-{{ include "common.ingress" . }}
--- /dev/null
+# Copyright © 2020 Samsung Electronics, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @helm repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- name: {{ include "common.name" . }}-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- "sdc-onboarding-be"
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-job-completion
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- --job-name
- {{ include "common.release" . }}-sdc-onboarding-be-cassandra-init
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ {{- if .Values.global.aafEnabled }}
- name: {{ include "common.name" . }}-update-config
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- sh
args:
- - -c
- - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
- env:
- - name: KEYSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: keystore_password
- - name: TRUSTSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: truststore_password
- volumeMounts:
+ - "-c"
+ - |
+ export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export KEYSTORE_PASS=$cadi_keystore_password_p12
+ export KEYMANAGER_PASS=$cadi_keystore_password_p12
+ export TRUSTSTORE_PASS=$cadi_truststore_password
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output
+ cd /config-input && \
+ for PFILE in `find . -not -type d | grep -v -F ..`
+ do
+ envsubst <${PFILE} >/config-output/${PFILE}
+ chmod 0755 /config-output/${PFILE}
+ done
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-environments
mountPath: /config-input/
- name: sdc-environments-output
mountPath: /config-output/
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - "-c"
+ - |
+ sed -i '/trustStorePassword/d' ${JETTY_BASE}/startup.sh
+ ${JETTY_BASE}/startup.sh
+ {{- end }}
ports: {{ include "common.containerPorts" . | nindent 10 }}
{{ if eq .Values.liveness.enabled true }}
livenessProbe:
resources: {{ include "common.resources" . | nindent 12 }}
env:
- name: ENVNAME
- value: {{ .Values.global.env.name }}
+ value: {{ .Values.env.name }}
- name: JAVA_OPTIONS
value: {{ .Values.config.javaOptions }}
- name: cassandra_ssl_enabled
volumeMounts:
- name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/environments/
- - name: sdc-cert
+ - name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12
subPath: org.onap.sdc.p12
- - name: sdc-cert
+ - name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jks
subPath: org.onap.sdc.trust.jks
- name: {{ include "common.fullname" . }}-localtime
mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-data-filebeat
mountPath: /usr/share/filebeat/data
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: {{ include "common.fullname" . }}-localtime
hostPath:
path: /etc/localtime
- - name: sdc-cert
- secret:
- secretName: sdc-cert
- name: {{ include "common.fullname" . }}-filebeat-conf
configMap:
name: {{ include "common.release" . }}-sdc-filebeat-configmap
restartPolicy: Never
initContainers:
- name: {{ include "common.name" . }}-init-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- sdc-be
mountPath: /var/lib/jetty/logs
env:
- name: ENVNAME
- value: {{ .Values.global.env.name }}
+ value: {{ .Values.env.name }}
- name: HOST_IP
valueFrom:
fieldRef:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ aafEnabled: true
+ cassandra:
+ #This flag allows SDC to instantiate its own cluster, serviceName
+ #should be sdc-cs if this flag is enabled
+ localCluster: false
+ #The cassandra service name to connect to (default: shared cassandra service)
+ serviceName: cassandra
+ #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled
+ #to match with its own cluster replica
+ replicaCount: 3
+ clusterName: cassandra
+ dataCenter: Pod
#################################################################
# Application configuration defaults.
# flag to enable debugging - application support required
debugEnabled: false
+#environment file
+env:
+ name: AUTO
+
+certInitializer:
+ nameOverride: sdc-be-cert-init
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: sdc
+ fqi: sdc@sdc.onap.org
+ public_fqdn: sdc.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ addconfig: true
+ keystoreFile: "org.onap.sdc.p12"
+ truststoreFile: "org.onap.sdc.trust.jks"
+ permission_user: 352070
+ permission_group: 35953
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass
+ {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
+
+#################################################################
+# SDC Config part
+#################################################################
config:
javaOptions: "-Xmx1536m -Xms1536m"
cassandraSslEnabled: "false"
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 AT&T. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
dependencies:
- name: common
version: ~6.x-0
- repository: '@local'
+ repository: '@local'
\ No newline at end of file
restartPolicy: Never
initContainers:
- name: {{ include "common.name" . }}-init-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
{{- if .Values.global.cassandra.localCluster }}
mountPath: /home/sdc/chef-solo/cache
env:
- name: ENVNAME
- value: {{ .Values.global.env.name }}
+ value: {{ .Values.env.name }}
- name: RELEASE
value: {{ .Values.config.release }}
- name: SDC_USER
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ cassandra:
+ #This flag allows SDC to instantiate its own cluster, serviceName
+ #should be sdc-cs if this flag is enabled
+ localCluster: false
+ #The cassandra service name to connect to (default: shared cassandra service)
+ serviceName: cassandra
+ #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled
+ #to match with its own cluster replica
+ replicaCount: 3
+ clusterName: cassandra
+ dataCenter: Pod
#################################################################
# Application configuration defaults.
maxHeapSize: "1536M"
heapNewSize: "512M"
+#environment file
+env:
+ name: AUTO
+
# default number of instances
replicaCount: 1
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+pluginsList:
+ - pluginId: WORKFLOW
+ pluginDiscoveryUrl: "{{ .Values.config.plugins.workflow_discovery_url }}"
+ pluginSourceUrl: "{{ .Values.config.plugins.workflow_source_url }}"
+ pluginStateUrl: "workflowDesigner"
+ pluginDisplayOptions:
+ tab:
+ displayName: "WORKFLOW"
+ displayRoles: ["DESIGNER", "TESTER"]
+
+connectionTimeout: 1000
\ No newline at end of file
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- name: {{ include "common.name" . }}-job-completion
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- --job-name
- {{ include "common.release" . }}-sdc-be-config-backend
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ {{- if .Values.global.aafEnabled }}
- name: {{ include "common.name" . }}-update-config
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - sh
+ - sh
args:
- - -c
- - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
- env:
- - name: KEYSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: keystore_password
- - name: TRUSTSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: truststore_password
- volumeMounts:
+ - "-c"
+ - |
+ export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export KEYSTORE_PASS=$cadi_keystore_password_p12
+ export KEYMANAGER_PASS=$cadi_keystore_password_p12
+ export TRUSTSTORE_PASS=$cadi_truststore_password
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output
+ cd /config-input && \
+ for PFILE in `find . -not -type d | grep -v -F ..`
+ do
+ envsubst <${PFILE} >/config-output/${PFILE}
+ chmod 0755 /config-output/${PFILE}
+ done
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- name: {{ include "common.fullname" . }}-environments
mountPath: /config-input/
- name: sdc-environments-output
mountPath: /config-output/
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - "-c"
+ - |
+ sed -i '/trustStorePassword/d' ${JETTY_BASE}/startup.sh
+ ${JETTY_BASE}/startup.sh
+ {{- end }}
ports:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.internalPort2 }}
{{ include "common.resources" . | indent 12 }}
env:
- name: ENVNAME
- value: {{ .Values.global.env.name }}
+ value: {{ .Values.env.name }}
- name: HOST_IP
valueFrom:
fieldRef:
volumeMounts:
- name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/environments/
- - name: sdc-cert
+ - name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.p12
subPath: org.onap.sdc.p12
- - name: sdc-cert
+ - name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.trust.jks
subPath: org.onap.sdc.trust.jks
- name: {{ include "common.fullname" . }}-localtime
mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-data-filebeat
mountPath: /usr/share/filebeat/data
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-localtime
hostPath:
path: /etc/localtime
- - name: sdc-cert
- secret:
- secretName: sdc-cert
- name: {{ include "common.fullname" . }}-filebeat-conf
configMap:
name: {{ include "common.release" . }}-sdc-filebeat-configmap
spec:
type: {{ .Values.service.type }}
ports:
- {{ if not .Values.global.security.disableHttp }}
+ {{ if not .Values.security.disableHttp }}
# setting http port only if enabled
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ aafEnabled: true
+
+#################################################################
+# AAF Part
+#################################################################
+certInitializer:
+ nameOverride: sdc-fe-cert-init
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: sdc
+ fqi: sdc@sdc.onap.org
+ public_fqdn: sdc.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ addconfig: true
+ keystoreFile: "org.onap.sdc.p12"
+ truststoreFile: "org.onap.sdc.trust.jks"
+ permission_user: 352070
+ permission_group: 35953
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass
+ {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
#################################################################
# Application configuration defaults.
workflow_discovery_url: "https://sdc-wfd-fe:8443/workflows"
workflow_source_url: "https://sdc.workflow.plugin.simpledemo.onap.org:30256/workflows/"
+#environment file
+env:
+ name: AUTO
+
+security:
+ disableHttp: true
+
# default number of instances
replicaCount: 1
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 AT&T. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# ============LICENSE_END=========================================================
dependencies:
- - name: common
+ - name: certInitializer
version: ~6.x-0
repository: '@local'
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- name: {{ include "common.name" . }}-job-completion
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- --job-name
- {{ include "common.release" . }}-sdc-onboarding-be-cassandra-init
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ {{- if .Values.global.aafEnabled }}
- name: {{ include "common.name" . }}-update-config
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - sh
+ - sh
args:
- - -c
- - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
- env:
- - name: KEYSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: keystore_password
- - name: TRUSTSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: truststore_password
- volumeMounts:
+ - "-c"
+ - |
+ export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export KEYSTORE_PASS=$cadi_keystore_password_p12
+ export KEYMANAGER_PASS=$cadi_keystore_password_p12
+ export TRUSTSTORE_PASS=$cadi_truststore_password
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output
+ cd /config-input && \
+ for PFILE in `find . -not -type d | grep -v -F ..`
+ do
+ envsubst <${PFILE} >/config-output/${PFILE}
+ chmod 0755 /config-output/${PFILE}
+ done
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- name: {{ include "common.fullname" . }}-environments
mountPath: /config-input/
- name: sdc-environments-output
mountPath: /config-output/
- - name: volume-permissions
- image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /bin/sh
- - -c
- - |
- chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //onboard/cert
- securityContext:
- runAsUser: 0
- volumeMounts:
- - name: {{ include "common.fullname" . }}-cert-storage
- mountPath: "/onboard/cert"
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
{{ include "common.resources" . | indent 12 }}
env:
- name: ENVNAME
- value: {{ .Values.global.env.name }}
+ value: {{ .Values.env.name }}
- name: JAVA_OPTIONS
value: {{ .Values.config.javaOptions }}
- name: SDC_CLUSTER_NAME
- value: "SDC-CS-{{ .Values.global.env.name }}"
+ value: "SDC-CS-{{ .Values.env.name }}"
- name: cassandra_ssl_enabled
value: {{ .Values.config.cassandraSslEnabled | quote }}
- name: HOST_IP
volumeMounts:
- name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/environments/
- - name: sdc-cert
+ - name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.p12
subPath: org.onap.sdc.p12
- - name: sdc-cert
+ - name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.trust.jks
subPath: org.onap.sdc.trust.jks
- name: {{ include "common.fullname" . }}-localtime
- name: {{ include "common.fullname" . }}-logback
mountPath: /tmp/logback.xml
subPath: logback.xml
- - name: {{ include "common.fullname" . }}-cert-storage
- mountPath: "{{ .Values.cert.certDir }}"
lifecycle:
postStart:
exec:
mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-data-filebeat
mountPath: /usr/share/filebeat/data
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: {{ include "common.fullname" . }}-localtime
hostPath:
path: /etc/localtime
- - name: sdc-cert
- secret:
- secretName: sdc-cert
- name: {{ include "common.fullname" . }}-filebeat-conf
configMap:
name: {{ include "common.release" . }}-sdc-filebeat-configmap
emptyDir: { medium: "Memory" }
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- - name: {{ include "common.fullname" . }}-cert-storage
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}-cert
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
restartPolicy: Never
initContainers:
- name: {{ include "common.name" . }}-job-completion
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- --job-name
- {{ include "common.release" . }}-sdc-cs-config-cassandra
mountPath: /home/sdc/chef-solo/environments/
env:
- name: ENVNAME
- value: {{ .Values.global.env.name }}
+ value: {{ .Values.env.name }}
- name: HOST_IP
valueFrom:
fieldRef:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ aafEnabled: true
+ persistence: {}
+ cassandra:
+ #This flag allows SDC to instantiate its own cluster, serviceName
+ #should be sdc-cs if this flag is enabled
+ localCluster: false
+ #The cassandra service name to connect to (default: shared cassandra service)
+ serviceName: cassandra
+ #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled
+ #to match with its own cluster replica
+ replicaCount: 3
+ clusterName: cassandra
+ dataCenter: Pod
+
+#################################################################
+# AAF Part
+#################################################################
+certInitializer:
+ nameOverride: sdc-onboarding-be-cert-init
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: sdc
+ fqi: sdc@sdc.onap.org
+ public_fqdn: sdc.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ addconfig: true
+ keystoreFile: "org.onap.sdc.p12"
+ truststoreFile: "org.onap.sdc.trust.jks"
+ permission_user: 352070
+ permission_group: 35953
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass
+ {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
#################################################################
# Application configuration defaults.
javaOptions: "-Xmx1g -Xms1g"
cassandraSslEnabled: "false"
+#environment file
+env:
+ name: AUTO
+
# default number of instances
replicaCount: 1
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
{{- if .Values.initJob.enabled }}
- name: {{ include "common.name" . }}-job-completion
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- --job-name
- {{ include "common.fullname" . }}-workflow-init
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - "-c"
+ - |
+ export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export SERVER_SSL_KEY_PASSWORD=$cadi_keystore_password_p12
+ export KEYMANAGER_PASS=$cadi_keystore_password_p12
+ export SERVER_SSL_TRUST_PASSWORD=$cadi_truststore_password
+ export SERVER_SSL_KEYSTORE_PATH={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }}
+ export SERVER_SSL_TRUSTSTORE_PATH={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }}
+ ./startup.sh
+ {{- end }}
ports:
- containerPort: {{ template "wfd-be.internalPort" . }}
# disable liveness probe when breakpoints set in debugger
value: "{{ .Values.config.serverSSLEnabled }}"
- name: SERVER_SSL_KEYSTORE_TYPE
value: "{{ .Values.config.serverSSLKeyStoreType }}"
- - name: SERVER_SSL_KEYSTORE_PATH
- value: "{{ .Values.config.serverSSLKeyStorePath }}"
- - name: SERVER_SSL_KEY_PASSWORD
- valueFrom:
- secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: keystore_password}
- name: SERVER_SSL_TRUSTSTORE_TYPE
value: "{{ .Values.config.serverSSLTrustStoreType }}"
- - name: SERVER_SSL_TRUSTSTORE_PATH
- value: "{{ .Values.config.serverSSLTrustStorePath }}"
- - name: SERVER_SSL_TRUST_PASSWORD
- valueFrom:
- secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: truststore_password}
- volumeMounts:
- - name: sdc-cert
- mountPath: /keystore
- subPath: org.onap.sdc.p12
- - name: sdc-cert
- mountPath: /truststore
- subPath: org.onap.sdc.trust.jks
- volumes:
- - name: sdc-cert
- secret:
- secretName: sdc-cert
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
restartPolicy: Never
initContainers:
- name: {{ include "common.name" . }}-init-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- --job-name
- {{ include "common.release" . }}-sdc-cs-config-cassandra
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ aafEnabled: true
+ cassandra:
+ #This flag allows SDC to instantiate its own cluster, serviceName
+ #should be sdc-cs if this flag is enabled
+ localCluster: false
+ #The cassandra service name to connect to (default: shared cassandra service)
+ serviceName: cassandra
+ #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled
+ #to match with its own cluster replica
+ replicaCount: 3
+ clusterName: cassandra
+ dataCenter: Pod
+
+#################################################################
+# AAF Part
+#################################################################
+certInitializer:
+ nameOverride: sdc-wfd-be-cert-init
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: sdc
+ fqi: sdc@sdc.onap.org
+ public_fqdn: sdc.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ addconfig: true
+ keystoreFile: "org.onap.sdc.p12"
+ truststoreFile: "org.onap.sdc.trust.jks"
+ permission_user: 352070
+ permission_group: 35953
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass
+ {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
#################################################################
# Application configuration defaults.
javaOptions: "-Xmx1536m -Xms1536m"
cassandraAuthenticationEnabled: true
cassandraClientPort: 9042
-
sdcProtocol: HTTPS
sdcEndpoint: sdc-be:8443
sdcExternalUser: workflow
-
serverSSLEnabled: true
-
serverSSLKeyStoreType: jks
- serverSSLKeyStorePath: /home/sdc/etc/keystore
-
serverSSLTrustStoreType: jks
- serverSSLTrustStorePath: /home/sdc/etc/truststore
-
cassandraSSLEnabled: false
cassandraTrustStorePath: /home/sdc/etc/truststore
+# environment file
+env:
+ name: AUTO
+
# default number of instances
replicaCount: 1
externalPort2: 8443
nodePort: "57" # only one node port. set to http or https port depending on isHttpsEnabled property
-
ingress:
enabled: false
service:
port: 8443
config:
ssl: "redirect"
-
+
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- name: {{ include "common.name" . }}-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- "sdc-wfd-be"
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.global.aafEnabled }}
+ - name: {{ include "common.fullname" . }}-move-cert
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /sdc-certs/{{ .Values.certInitializer.keystoreFile }}
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /sdc-certs/{{ .Values.certInitializer.truststoreFile }}
+ cp {{ .Values.certInitializer.credsPath }}/mycreds.prop /sdc-certs/mycreds.prop
+ image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ - name: sdc-certs
+ mountPath: /sdc-certs
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - "-c"
+ - |
+ export $(grep '^c' /sdc-certs/mycreds.prop | xargs -0)
+ export KEYSTORE_PASS=$cadi_keystore_password_p12
+ export TRUSTSTORE_PASS=$cadi_truststore_password
+ export KEYSTORE_PATH=/etc/{{ .Values.certInitializer.keystoreFile }}
+ export TRUSTSTORE_PATH=/etc/{{ .Values.certInitializer.truststoreFile }}
+ ./startup.sh
+ {{- end }}
ports:
- containerPort: {{ template "wfd-fe.internalPort" . }}
{{ if .Values.liveness.enabled }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- name: ENVNAME
- value: {{ .Values.global.env.name }}
+ value: {{ .Values.env.name }}
- name: JAVA_OPTIONS
value: {{ .Values.config.javaOptions }}
- name: BACKEND
- name: IS_HTTPS
value: "{{ .Values.config.isHttpsEnabled}}"
{{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }}
- - name: KEYSTORE_PASS
- valueFrom:
- secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: keystore_password}
- - name: TRUSTSTORE_PASS
- valueFrom:
- secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: truststore_password}
- - name: TRUSTSTORE_PATH
- value: "{{ .Values.security.storePath }}/{{ .Values.security.truststoreFilename }}"
- - name: KEYSTORE_PATH
- value: "{{ .Values.security.storePath }}/{{ .Values.security.keystoreFilename }}"
- name: TRUST_ALL
value: "{{ .Values.config.isTrustAll}}"
{{ end }}
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
- - name: sdc-cert
- mountPath: /var/lib/jetty/etc/org.onap.sdc.p12
- subPath: org.onap.sdc.p12
- - name: sdc-cert
- mountPath: /var/lib/jetty/etc/org.onap.sdc.trust.jks
- subPath: org.onap.sdc.trust.jks
+ {{- if .Values.global.aafEnabled }}
+ - name: sdc-certs
+ mountPath: /sdc-certs
+ subpath: mycreds.prop
+ - name: sdc-certs
+ mountPath: /var/lib/jetty/etc/{{ .Values.certInitializer.keystoreFile }}
+ subPath: {{ .Values.certInitializer.keystoreFile }}
+ - name: sdc-certs
+ mountPath: /var/lib/jetty/etc/{{ .Values.certInitializer.truststoreFile }}
+ subPath: {{ .Values.certInitializer.truststoreFile }}
+ {{ end }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-data-filebeat
mountPath: /usr/share/filebeat/data
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-localtime
hostPath:
path: /etc/localtime
- - name: sdc-cert
- secret:
- secretName: sdc-cert
+ {{- if .Values.global.aafEnabled }}
+ - name: sdc-certs
+ emptyDir:
+ medium: "Memory"
+ {{- end }}
- name: {{ include "common.fullname" . }}-filebeat-conf
configMap:
name: {{ include "common.release" . }}-sdc-filebeat-configmap
global:
nodePortPrefix: 302
nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ aafEnabled: true
+
+#################################################################
+# AAF Part
+#################################################################
+certInitializer:
+ nameOverride: sdc-wfd-fe-cert-init
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: sdc
+ fqi: sdc@sdc.onap.org
+ public_fqdn: sdc.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ addconfig: true
+ keystoreFile: "org.onap.sdc.p12"
+ truststoreFile: "org.onap.sdc.trust.jks"
+ permission_user: 352070
+ permission_group: 35953
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass
+ {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
#################################################################
# Application configuration defaults.
# following flag decides whether to check the certificate on the outgoing proxy request or whether to trust all parties
isTrustAll: true
# https relevant settings. Change in case you have other trust files then default ones.
+
+#environment file
+env:
+ name: AUTO
+
security:
isDefaultStore: false
- truststoreFilename: "org.onap.sdc.trust.jks"
- keystoreFilename: "org.onap.sdc.p12"
- storePath: "etc"
# default number of instances
replicaCount: 1
# limitations under the License.
dependencies:
- - name: common
+ - name: sdc-be
version: ~6.x-0
- repository: '@local'
-
- - name: cassandra
+ repository: 'file://components/sdc-be'
+ - name: sdc-cs
version: ~6.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
- condition: global.cassandra.localCluster
-
+ repository: 'file://components/sdc-cs'
+ - name: sdc-fe
+ version: ~6.x-0
+ repository: 'file://components/sdc-fe'
+ - name: sdc-onboarding-be
+ version: ~6.x-0
+ repository: 'file://components/sdc-onboarding-be'
+ - name: sdc-wfd-be
+ version: ~6.x-0
+ repository: 'file://components/sdc-wfd-be'
+ condition: sdc-wfd.enabled
+ - name: sdc-wfd-fe
+ version: ~6.x-0
+ repository: 'file://components/sdc-wfd-fe'
+ condition: sdc-wfd.enabled
\ No newline at end of file
{
- "name": "{{ .Values.global.env.name }}",
- "description": "OpenSource-{{ .Values.global.env.name }}",
+ "name": "{{ .Values.env.name }}",
+ "description": "OpenSource-{{ .Values.env.name }}",
"cookbook_versions": {
"Deploy-SDandC": "= 1.0.0"
},
"CS_VIP": "{{.Values.global.cassandra.serviceName}}.{{include "common.namespace" .}}",
"BE_VIP": "sdc-be.{{include "common.namespace" .}}",
"ONBOARDING_BE_VIP": "sdc-onboarding-be.{{include "common.namespace" .}}",
- "DCAE_BE_VIP": "sdc-dcae-be.{{include "common.namespace" .}}",
- "DCAE_FE_VIP": "sdc-dcae-fe.{{include "common.namespace" .}}",
- "DCAE_TOSCA_LAB_VIP": "sdc-dcae-tosca-lab.{{include "common.namespace" .}}",
"FE_VIP": "sdc-fe.{{include "common.namespace" .}}",
"interfaces": {
"application": "eth0",
},
"jetty": {
"keystore_pwd": "${KEYSTORE_PASS}",
- "truststore_pwd": "${TRUSTSTORE_PASS}"
+ "truststore_pwd": "${TRUSTSTORE_PASS}",
+ "keymanager_pwd": "${KEYMANAGER_PASS}"
}
}
}
keystore_password: "{{ .Values.global.secrets.keystore_password }}"
# workflow
wf_external_user_password: "{{ .Values.global.secrets.wf_external_user_password }}"
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: sdc-cert
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/cert/*").AsSecrets . | indent 2 }}
global:
persistence: {}
- env:
- name: AUTO
secrets:
sdc_user: YXNkY191c2Vy
sdc_password: QWExMjM0JV4h
ubuntuInitImage: ubuntu-init:1.0.0
busyboxRepository: registry.hub.docker.com
busyboxImage: library/busybox:latest
+ aafEnabled: true
cassandra:
#This flag allows SDC to instantiate its own cluster, serviceName
#should be sdc-cs if this flag is enabled
security:
disableHttp: true
envsubstImage: dibi/envsubst
+
+# Environment file
+env:
+ name: AUTO
+
config:
logstashServiceName: log-ls
logstashPort: 5044
persistence:
mountSubPath: sdc/sdc-cs/CS
enabled: true
+
+# dependency / sub-chart configuration
+sdc-wfd:
+ enabled: true
\ No newline at end of file
.project
.idea/
*.tmproj
+# avoid 1MB limit
+components/
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-{
- "MainMenu": "gamma",
- "dbConnLimit": "100",
- "home": "/opt/admportal",
- "sslEnabled": "true",
- "nonSslPort": "8543",
- "ConexusNetworkPort": "{{.Values.service.internalPort}}",
- "AppNetworkPort": "8543",
- "clusterPort": "8443",
- "serviceHomingServiceType": "SDN-ETHERNET-INTERNET",
- "passwordKey": "QtfJMKggVk",
- "preloadImportDirectory": "C:/data/csv",
- "clusterPrefixURL": "/jolokia/read/org.opendaylight.controller:Category=Shards,name=member-",
- "clusterMidURL": "-shard-",
- "clusterSuffixURL": "-config,type=DistributedConfigDatastore",
- "shards": [
- "default",
- "inventory",
- "topology"
- ],
- "dbFabric": "false",
- "ip-addresses": {
- "lo": "127.0.0.1",
- "eth0": "127.0.0.1",
- "docker0": "172.17.0.1",
- "virbr0": "192.168.122.1"
- },
- "svclogicPropertiesDb01": "{{.Values.config.configDir}}/svclogic.properties.sdnctldb01",
- "databases": [
- "{{include "common.mariadbService" $}}|sdnc-sdnctldb01.{{.Release.Namespace}}"
- ],
- "dbFabricServer": "localhost",
- "dbFabricPort": "32275",
- "dbFabricGroupId": "hagroup1",
- "dbFabricUser": "${DB_FABRIC_USER}",
- "dbFabricPassword": "${DB_FABRIC_PASSWORD",
- "dbFabricDB": "{{.Values.config.dbFabricDB}}",
- "dbUser": "${SDNC_DB_USER}",
- "dbPassword": "${SDNC_DB_PASSWORD}",
- "dbName": "{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}",
- "odlProtocol": "http",
- "odlHost": "sdnc.{{.Release.Namespace}}",
- "odlConexusHost": "sdnc.{{.Release.Namespace}}",
- "odlPort": "8181",
- "odlConexusPort": "8181",
- "odlUser": "${ODL_USER}",
- "odlPasswd": "${ODL_PASSWORD}",
- "ConexusNetwork_sslCert": "{{.Values.config.storesDir}}/org.onap.sdnc.p12",
- "ConexusNetwork_sslKey": "${KEYSTORE_PASSWORD}",
- "AppNetwork_sslCert": "",
- "AppNetwork_sslKey": "",
- "hostnameList": [
- {
- "hname": "localhost"
- }
- ],
- "shard_list": [
- {
- "shard_name": "default"
- },
- {
- "shard_name": "inventory"
- },
- {
- "shard_name": "topology"
- }
- ]
-}
+++ /dev/null
-###
-# ============LICENSE_START=======================================================
-# Copyright (C) 2018 ONAP Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-###
-org.onap.ccsdk.sli.dbtype=jdbc
-org.onap.ccsdk.sli.jdbc.hosts=sdnctldb01
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
-org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver
-org.onap.ccsdk.sli.jdbc.database={{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
-org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER}
-org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWORD}
-org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01
-org.onap.ccsdk.sli.jdbc.connection.timeout=50
-org.onap.ccsdk.sli.jdbc.request.timeout=100
-org.onap.ccsdk.sli.jdbc.limit.init=10
-org.onap.ccsdk.sli.jdbc.limit.min=10
-org.onap.ccsdk.sli.jdbc.limit.max=20
-org.onap.dblib.connection.recovery=false
+++ /dev/null
-org.openecomp.sdnctl.sli.dbtype = jdbc
-org.openecomp.sdnctl.sli.jdbc.url = jdbc:mysql://sdnc-sdnctldb01:3306/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
-org.openecomp.sdnctl.sli.jdbc.database = {{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
-org.openecomp.sdnctl.sli.jdbc.user = ${SDNC_DB_USER}
-org.openecomp.sdnctl.sli.jdbc.password = ${SDNC_DB_PASSWORD}
+++ /dev/null
-org.openecomp.sdnctl.sli.dbtype = jdbc
-org.openecomp.sdnctl.sli.jdbc.url = jdbc:mysql://sdnc-sdnctldb02:3306/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
-org.openecomp.sdnctl.sli.jdbc.database = {{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
-org.openecomp.sdnctl.sli.jdbc.user = ${SDNC_DB_USER}
-org.openecomp.sdnctl.sli.jdbc.password = ${SDNC_DB_PASSWORD}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
- env:
- - name: SDNC_DB_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- - name: SDNC_DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- - name: DB_FABRIC_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "fabric-db-creds" "key" "login") | indent 10 }}
- - name: DB_FABRIC_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "fabric-db-creds" "key" "password") | indent 10 }}
- - name: ODL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }}
- - name: ODL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
- - name: KEYSTORE_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 10 }}
- volumeMounts:
- - mountPath: /config-input
- name: config-input
- - mountPath: /config
- name: properties
- image: "{{ .Values.global.envsubstImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
-
- - command:
- - /root/ready.py
- args:
- - --container-name
- - {{ include "common.mariadbService" . }}
- - --container-name
- - {{ .Values.config.sdncChartName }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - name: {{ include "common.name" . }}
- command: ["/bin/bash"]
- args: ["-c", "cd /opt/onap/sdnc/admportal/shell && ./start_portal.sh"]
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: MYSQL_ROOT_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-password" "key" "password") | indent 14 }}
- - name: SDNC_CONFIG_DIR
- value: "{{ .Values.config.configDir }}"
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: {{ .Values.config.configDir }}/admportal.json
- name: properties
- subPath: admportal.json
- - mountPath: {{ .Values.config.configDir }}/dblib.properties
- name: properties
- subPath: dblib.properties
- - mountPath: {{ .Values.config.configDir }}/svclogic.properties
- name: properties
- subPath: svclogic.properties
- - mountPath: {{ .Values.config.configDir }}/svclogic.properties.sdnctldb01
- name: properties
- subPath: svclogic.properties
- - mountPath: {{ .Values.config.configDir }}/svclogic.properties.sdnctldb02
- name: properties
- subPath: svclogic.properties.sdnctldb02
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: config-input
- configMap:
- name: {{ include "common.fullname" . }}
- defaultMode: 0644
- - name: properties
- emptyDir:
- medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2020 Samsung, Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.ingress" . }}
+++ /dev/null
-{{/*
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "sdnc-portal",
- "version": "v1",
- "url": "/",
- "protocol": "UI",
- "port": "{{ .Values.service.externalPort }}",
- "visualRange":"0|1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- # envsusbt
- envsubstImage: dibi/envsubst
-
- mariadbGalera:
- #This flag allows SO to instantiate its own mariadb-galera cluster
- #If shared instance is used, this chart assumes that DB already exists
- localCluster: false
- service: mariadb-galera
- internalPort: 3306
- nameOverride: mariadb-galera
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: db-root-password
- type: password
- externalSecret: '{{ .Values.global.mariadbGalera.localCluster | ternary (default (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride"))) (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) }}'
- password: '{{ index .Values "mariadb-galera" "config" "mariadbRootPassword" }}'
- passwordPolicy: required
- - uid: db-secret
- name: &dbSecretName '{{ include "common.release" . }}-sdnc-portal-db-secret'
- type: basicAuth
- # This is a nasty trick that allows you override this secret using external one
- # with the same field that is used to pass this to subchart
- externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-portal-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
- login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
- password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
- passwordPolicy: required
- - uid: odl-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}'
- login: '{{ .Values.config.odlUser }}'
- password: '{{ .Values.config.odlPassword }}'
- passwordPolicy: required
- - uid: fabric-db-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}'
- login: '{{ .Values.config.dbFabricUser }}'
- password: '{{ .Values.config.dbFabricPassword }}'
- passwordPolicy: required
- - uid: keystore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.config.KeyStorePwdExternalSecret) . }}'
- password: '{{ .Values.config.keystorePwd }}'
- passwordPolicy: required
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/admportal-sdnc-image:1.8.4
-config:
- dbFabricDB: mysql
- dbFabricUser: admin
- dbFabricPassword: admin
- # dbFabricDBCredsExternalSecret: some secret
- sdncChartName: sdnc
- configDir: /opt/onap/sdnc/data/properties
- storesDir: /opt/onap/sdnc/data/stores
- odlUser: admin
- odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
- # odlCredsExternalSecret: some secret
- keystorePwd: ff^G9D]yf&r}Ktum@BJ0YB?N
- # keystorePwdExternalSecret: some secret
-
-mariadb-galera:
- config:
- userCredentialsExternalSecret: *dbSecretName
- userName: sdnctl
- userPassword: gamma
- mysqlDatabase: sdnctl
- nameOverride: sdnc-portal-galera
- service:
- name: sdnc-portal-galera
- portName: sdnc-portal-galera
- internalPort: 3306
- replicaCount: 1
- persistence:
- enabled: true
- mountSubPath: sdnc-portal/maria/data
-
-# default number of instances
-replicaCount: 0
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 180
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 60
- periodSeconds: 10
-
-service:
- type: NodePort
- name: sdnc-portal
- portName: sdnc-portal
- internalPort: 8443
- externalPort: 8443
- nodePort: "01"
-
-ingress:
- enabled: false
- service:
- - baseaddr: "sdnc-portal.api"
- name: "sdnc-portal"
- port: 8443
- config:
- ssl: "redirect"
-
-#Resource limit flavor -By default using small
-flavor: small
-#segregation for different environment (small and large)
-
-resources:
- small:
- limits:
- cpu: 1
- memory: 1Gi
- requests:
- cpu: 0.5
- memory: 500Mi
- large:
- limits:
- cpu: 2
- memory: 2Gi
- requests:
- cpu: 1
- memory: 1Gi
- unlimited: {}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
--- /dev/null
+TransportType=HTTPNOAUTH
+Latitude =50.000000
+Longitude =-100.000000
+Version =1.0
+ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}/events
+Environment =TEST
+Partner =
+routeOffer=MR1
+SubContextPath =/
+Protocol =http
+MethodType =GET
+username =UNUSED
+password =UNUSED
+contenttype =application/json
+authKey=UNUSED
+authDate=UNUSED
+host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}
+topic=RAN-Slice-Mgmt
+group=users
+id=sdnc1
+timeout=15000
+limit=1000
+filter=
+AFT_DME2_EXCHANGE_REQUEST_HANDLERS=com.att.nsa.test.PreferredRouteRequestHandler
+AFT_DME2_EXCHANGE_REPLY_HANDLERS=com.att.nsa.test.PreferredRouteReplyHandler
+AFT_DME2_REQ_TRACE_ON=true
+AFT_ENVIRONMENT=AFTUAT
+AFT_DME2_EP_CONN_TIMEOUT=15000
+AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000
+AFT_DME2_EP_READ_TIMEOUT_MS=50000
+sessionstickinessrequired=NO
+DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
+sdnc.odl.user=${ODL_USER}
+sdnc.odl.password=${ODL_PASSWORD}
+sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
selector:
matchLabels:
app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
name: {{ include "common.name" . }}-update-config
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ include "common.mariadbService" . }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
- mountPath: {{ .Values.config.configDir }}/dmaap-consumer-oofpcipoc.properties
name: properties
subPath: dmaap-consumer-oofpcipoc.properties
+ - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-RANSlice.properties
+ name: properties
+ subPath: dmaap-consumer-RANSlice.properties
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
# envsusbt
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
selector:
matchLabels:
app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
name: {{ include "common.name" . }}-update-config
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ .Values.config.sdncChartName }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
targetPort: {{ .Values.service.internalPort }}
name: {{ .Values.service.name }}
selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ app.kubernetes.io/instance: {{ include "common.release" . }}
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
# envsusbt
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
selector:
matchLabels:
app: {{ include "common.name" . }}
replicas: 1
+ selector: {{- include "common.selectors" . | nindent 4 }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- sdnc
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
global:
nodePortPrefix: 302
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
persistence:
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2020 highstreet technologies GmbH
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
apiVersion: v1
-description: SDN-C Admin Portal
-name: sdnc-portal
-version: 6.0.0
\ No newline at end of file
+description: SDN-C Web Server
+name: sdnc-web
+version: 6.0.0
--- /dev/null
+# Copyright © 2020 highstreet technologies GmbH
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+# Copyright © 2020 highstreet technologies GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+nclude "common.repository" . }}apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ serviceName: "sdnc-web"
+ replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers: {{ include "common.certInitializer.initContainer" . | indent 6 }}
+ - name: {{ include "common.name" . }}-readiness
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - {{ .Values.config.sdncChartName }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{- include "common.containerPorts" . | indent 10 }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: WEBPROTOCOL
+ value: {{ .Values.config.webProtocol }}
+ - name: WEBPORT
+ value: {{ .Values.config.webPort | quote }}
+ - name: SDNRPROTOCOL
+ value: {{ .Values.config.sdnrProtocol }}
+ - name: SDNRHOST
+ value: {{ .Values.config.sdnrHost }}.{{ include "common.namespace" . }}
+ - name: SDNRPORT
+ value: {{ .Values.config.sdnrPort | quote }}
+ - name: SSL_CERT_DIR
+ value: {{ .Values.config.sslCertDir }}
+ - name: SSL_CERTIFICATE
+ value: {{ .Values.config.sslCertiticate }}
+ - name: SSL_CERTIFICATE_KEY
+ value: {{ .Values.config.sslCertKey }}
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/* # Copyright © 2020 highstreet technologies GmbH
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- include "common.service" . -}}
+
--- /dev/null
+# Copyright © 2020 highstreet technologies GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ aafEnabled: true
+ nodePortPrefix: 322
+ readinessImage: onap/oom/readiness:3.0.1
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+ k8scluster: svc.cluster.local
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: "onap/sdnc-web-image:1.8.3"
+pullPolicy: Always
+
+config:
+ sdncChartName: sdnc
+ webProtocol: HTTPS
+ webPort: 8443
+ #sdnrProtocol: HTTPS
+ sdnrProtocol: HTTPS
+ #sdnrHost: "sdnc.onap"
+ sdnrHost: "sdnc"
+ sdnrPort: "8443"
+ sslCertDir: "/opt/app/osaaf/local/certs"
+ sslCertiticate: "cert.pem"
+ sslCertKey: "key.pem"
+
+
+#################################################################
+# aaf configuration defaults.
+#################################################################
+certInitializer:
+ nameOverride: sdnc-web-cert-initializer
+ fqdn: "sdnc"
+ app_ns: "org.osaaf.aaf"
+ fqi: "sdnc@sdnc.onap.org"
+ fqi_namespace: "org.onap.sdnc"
+ public_fqdn: "sdnc.onap.org"
+ aafDeployFqi: "deployer@people.osaaf.org"
+ aafDeployPass: demo123456!
+ cadi_latitude: "38.0"
+ cadi_longitude: "-72.0"
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ cd /opt/app/osaaf/local;
+ mkdir -p certs;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
+ keytool -exportcert -rfc -file certs/cacert.pem -keystore {{ .Values.fqi_namespace }}.trust.jks -alias ca_local_0 -storepass $cadi_truststore_password;
+ openssl pkcs12 -in {{ .Values.fqi_namespace }}.p12 -out certs/cert.pem -passin pass:$cadi_keystore_password_p12 -passout pass:$cadi_keystore_password_p12;
+ cp {{ .Values.fqi_namespace }}.key certs/key.pem;
+ chmod -R 755 certs;
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 180
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+
+service:
+ name: sdnc-web
+ suffix: service
+ type: NodePort
+ sessionAffinity: ClientIP
+ # for liveness and readiness probe only
+ # internalPort:
+ internalPort: 8443
+ ports:
+ - name: "sdnc-web"
+ port: "8443"
+ nodePort: "05"
+
+#ingress:
+# enabled: false
+
+#Resource limit flavor -By default using small
+flavor: small
+#segregation for different environment (small and large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 0.5
+ memory: 500Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ unlimited: {}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
selector:
matchLabels:
app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ include "common.mariadbService" . }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
# envsusbt
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs, Bell Canada,
+# Copyright © 2020 highstreet technologies GmbH
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: certInitializer
version: ~6.x-0
repository: '@local'
+ - name: logConfiguration
+ version: ~6.x-0
+ repository: '@local'
- name: network-name-gen
version: ~6.x-0
repository: '@local'
+ condition: network-name-gen.enabled
- name: dgbuilder
version: ~6.x-0
repository: '@local'
+ condition: dgbuilder.enabled
- name: sdnc-prom
version: ~6.x-0
repository: '@local'
- name: elasticsearch
version: ~6.x-0
repository: '@local'
+ condition: config.sdnr.enabled
+ # conditions for sdnc-subcharts
+ - name: dmaap-listener
+ version: ~6.x-0
+ repository: 'file://components/dmaap-listener/'
+ condition: sdnc.dmaap-listener.enabled,dmaap-listener.enabled
+ - name: ueb-listener
+ version: ~6.x-0
+ repository: 'file://components/ueb-listener/'
+ condition: sdnc.ueb-listener.enabled,ueb-listener.enabled
+ - name: sdnc-ansible-server
+ version: ~6.x-0
+ repository: 'file://components/sdnc-ansible-server/'
+ condition: sdnc.sdnc-ansible-server.enabled,sdnc-ansible-server.enabled
+ - name: sdnc-web
+ version: ~6.x-0
+ repository: 'file://components/sdnc-web/'
+ condition: sdnc.sdnc-web.enabled,sdnc-web.enabled
+
+
+
--- /dev/null
+[general]
+dmaapEnabled={{.Values.config.sdnr.mountpointRegistrarEnabled | default "false"}}
+{{ if .Values.global.aafEnabled }}
+baseUrl=https://localhost:{{.Values.service.internalPort4}}
+{{- else }}
+baseUrl=http://localhost:{{.Values.service.internalPort}}
+{{- end }}
+sdnrUser=${ODL_ADMIN_USERNAME}
+sdnrPasswd=${ODL_ADMIN_PASSWORD}
+
+[fault]
+faultConsumerClass=org.onap.ccsdk.features.sdnr.wt.mountpointregistrar.impl.DMaaPFaultVESMsgConsumer
+TransportType=HTTPNOAUTH
+host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort | default "3904"}}
+topic=unauthenticated.SEC_FAULT_OUTPUT
+contenttype=application/json
+group=myG
+id=C1
+timeout=50000
+limit=10000
+
+[pnfRegistration]
+pnfRegConsumerClass=org.onap.ccsdk.features.sdnr.wt.mountpointregistrar.impl.DMaaPPNFRegVESMsgConsumer
+TransportType=HTTPNOAUTH
+host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort | default "3904"}}
+topic=unauthenticated.VES_PNFREG_OUTPUT
+contenttype=application/json
+group=myG
+id=C1
+timeout=50000
+limit=10000
--- /dev/null
+[general]
+dmaapEnabled={{.Values.config.sdnr.mountpointStateProviderEnabled | default "false"}}
+TransportType=HTTPNOAUTH
+host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort | default "3904"}}
+topic=unauthenticated.SDNR_MOUNTPOINT_STATE_INFO
+contenttype=application/json
+timeout=20000
+limit=10000
+maxBatchSize=100
+maxAgeMs=250
+MessageSentThreadOccurance=50
log4j2.rootLogger.appenderRef.DebugFile.ref = DebugFile
log4j2.rootLogger.appenderRef.ErrorFile.ref = ErrorFile
log4j2.rootLogger.appenderRef.Console.filter.threshold.type = ThresholdFilter
-log4j2.rootLogger.appenderRef.Console.filter.threshold.level = ${karaf.log.console:-OFF}
+log4j2.rootLogger.appenderRef.Console.filter.threshold.level = ${env:KARAF_CONSOLE_LOG_LEVEL\:-OFF}
log4j2.bundle.info = %X{bundle.id} - %.50X{bundle.name} - %X{bundle.version}
# Veracode: Address Improper Output Neutralization for Logs CWE ID 117 flaw
log4j2.appender.error.strategy.fileIndex = min
log4j2.appender.error.filter.threshold.type = ThresholdFilter
log4j2.appender.error.filter.threshold.level = WARN
-log4j2.appender.error.filter.threshold.match = ACCEPT
log4j2.appender.metric.type = RollingRandomAccessFile
log4j2.appender.metric.name = MetricFile
log4j2.appender.rr.strategy.fileIndex = min
log4j2.appender.security.type = RollingRandomAccessFile
-log4j2.appender.security.name = securityRollingFile
+log4j2.appender.security.name = SecurityFile
log4j2.appender.security.fileName = ${logDirectory}/${securityLogName}.log
log4j2.appender.security.filePattern = ${logDirectory}/${securityLogName}.log.%i
log4j2.appender.security.append = true
log4j2.logger.security.name = org.apache.karaf.jaas.modules.audit
log4j2.logger.security.level = INFO
log4j2.logger.security.additivity = false
-log4j2.logger.security.appenderRef.AuditRollingFile.ref = AuditRollingFile
+log4j2.logger.security.appenderRef.SecurityFile.ref = SecurityFile
log4j2.logger.audit.name = org.onap.logging.filter.base.AbstractAuditLogFilter
log4j2.logger.audit.level = INFO
image: onap/sdnc-ansible-server-image:1.7.0
dmaap-listener:
image: onap/sdnc-dmaap-listener-image:1.7.0
- sdnc-portal:
- image: onap/admportal-sdnc-image:1.7.0
ueb-listener:
image: onap/sdnc-ueb-listener-image:1.7.0
cds:
+{{- if .Values.dgbuilder.enabled -}}
{{/*
# Copyright © 2017 Amdocs, Bell Canada, AT&T
#
- name: {{ include "common.name" . }}-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ include "common.mariadbService" . }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
containers:
- name: {{ include "common.name" . }}
restartPolicy: Never
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{- end -}}
--- /dev/null
+# Copyright © 2020 highstreet technologies GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{ if .Values.config.sdnr.enabled -}}
+apiVersion: batch/v1
+kind: Job
+metadata: {{- include "common.resourceMetadata" (dict "suffix" "sdnrdb-init-job" "dot" . ) | nindent 2 }}
+spec:
+ backoffLimit: 20
+ template:
+ metadata: {{ include "common.templateMetadata" . | indent 6}}
+ spec:
+ initContainers:
+ {{ include "common.certInitializer.initContainer" . | indent 6 }}
+ {{ if .Values.global.aafEnabled }}
+ - name: {{ include "common.name" . }}-chown
+ image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ command: ["sh", "-c", "chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certInitializer.credsPath }}"]
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ {{ end }}
+ - name: {{ include "common.name" . }}-readiness
+ command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - {{.Values.elasticsearch.nameOverride}}-elasticsearch
+ - --container-name
+ - {{.Values.elasticsearch.nameOverride}}-nginx
+ - --container-name
+ - {{.Values.elasticsearch.nameOverride}}-master
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ containers:
+ - name: {{ include "common.name" . }}-sdnrdb-init-job
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["/bin/bash"]
+ args: ["-c", "{{ .Values.config.binDir }}/startODL.oom.sh"]
+ env:
+ - name: SDNC_AAF_ENABLED
+ value: "{{ .Values.global.aafEnabled}}"
+ - name: SDNC_HOME
+ value: "{{.Values.config.sdncHome}}"
+ - name: ETC_DIR
+ value: "{{.Values.config.etcDir}}"
+ - name: BIN_DIR
+ value: "{{.Values.config.binDir}}"
+ ## start sdnrdb parameter
+ - name: SDNRINIT
+ value: "true"
+ - name: SDNRDBURL
+ {{ if .Values.global.aafEnabled -}}
+ value: "https://{{ .Values.elasticsearch.service.name | default "sdnrdb"}}.{{.Release.Namespace}}:{{.Values.elasticsearch.service.port | default "9200"}}"
+ {{- else -}}
+ value: "http://{{ .Values.elasticsearch.service.name | default "sdnrdb"}}.{{.Release.Namespace}}:{{.Values.elasticsearch.service.port | default "9200"}}"
+ {{- end }}
+ - name: SDNRDBPARAMETER
+ value: "-k"
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: docker-entrypoint-initdb-d
+ emptyDir: {}
+ - name: bin
+ configMap:
+ name: {{ include "common.fullname" . }}-bin
+ defaultMode: 0755
+ - name: properties
+ configMap:
+ name: {{ include "common.fullname" . }}-properties
+ defaultMode: 0644
+{{ include "common.certInitializer.volumes" . | nindent 6 }}
+ restartPolicy: Never
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+
+{{ end -}}
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-
{{ include "common.secretFast" . }}
{{/*
# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2020 highstreet technologies GmbH
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
targetPort: {{ .Values.service.internalPort4 }}
{{ end }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
+ {{ if .Values.config.sdnr.enabled }}
+ Session Affinity: ClientIP
+ {{ end }}
selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ app.kubernetes.io/instance: {{ include "common.release" . }}
---
apiVersion: v1
kind: Service
port: {{ .Values.service.externalPort2 }}
targetPort: {{ .Values.service.internalPort2 }}
selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ app.kubernetes.io/instance: {{ include "common.release" . }}
---
apiVersion: v1
kind: Service
port: {{ .Values.service.clusterPort }}
clusterIP: None
selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ app.kubernetes.io/instance: {{ include "common.release" . }}
sessionAffinity: None
type: ClusterIP
{{/*
-# Copyright © 2020 Samsung Electronics
+# Copyright © 2020 Samsung Electronics, highstreet technologies GmbH
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
apiVersion: apps/v1
kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
selector:
matchLabels:
app: {{ include "common.name" . }}
serviceName: {{ include "common.servicename" . }}-cluster
replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
podManagementPolicy: Parallel
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-
+ {{ if .Values.dgbuilder.enabled -}}
- command:
- - /root/ready.py
+ - /app/ready.py
args:
+ {{ if or .Values.dgbuilder.enabled .Values.config.sdnr.enabled -}}
- --container-name
- {{ include "common.mariadbService" . }}
+ {{ end -}}
+ {{ if .Values.config.sdnr.enabled -}}
+ - --container-name
+ - {{ include "common.name" . }}-sdnrdb-init-job
+ {{ end -}}
env:
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
-
+ {{ end -}}
{{ include "common.certInitializer.initContainer" . | indent 6 }}
- name: {{ include "common.name" . }}-chown
- image: "busybox"
- command: ["sh", "-c", "chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.persistence.mdsalPath }} ; chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certInitializer.credsPath }}"]
+ image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ command:
+ - sh
+ args:
+ - -c
+ - chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.persistence.mdsalPath }}
+{{- if .Values.global.aafEnabled }}
+ - chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certInitializer.credsPath }}
+{{- end }}
volumeMounts:
{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: {{ .Values.persistence.mdsalPath }}
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if not .Values.config.sdnr.enabled }}
command: ["/bin/bash"]
args: ["-c", "/opt/onap/sdnc/bin/startODL.sh"]
+ {{ else }}
+ command: ["/bin/bash"]
+ args: ["-c", "{{ .Values.config.binDir }}/startODL.oom.sh"]
+ {{ end }}
ports:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.internalPort2 }}
value: {{ include "common.mariadbService" . }}
- name: JAVA_HOME
value: "{{ .Values.config.javaHome}}"
+ - name: KARAF_CONSOLE_LOG_LEVEL
+ value: "{{ include "common.log.level" . }}"
+ - name: SDNRWT
+ value: "{{ .Values.config.sdnr.enabled | default "false"}}"
+ {{- if eq .Values.config.sdnr.mode "web" }}
+ - name: SDNRDM
+ value: "true"
+ {{- end }}
+ - name: SDNRONLY
+ value: "{{ .Values.config.sdnr.sdnronly | default "false" }}"
+ - name: SDNRDBURL
+ {{- $prefix := ternary "https" "http" .Values.global.aafEnabled}}
+ value: "{{$prefix}}://{{ .Values.elasticsearch.service.name | default "sdnrdb"}}.{{.Release.Namespace}}:{{.Values.elasticsearch.service.port | default "9200"}}"
+ {{- if .Values.config.sdnr.sdnrdbTrustAllCerts }}
+ - name: SDNRDBTRUSTALLCERTS
+ value: "true"
+ {{ end }}
+
volumeMounts:
{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
- mountPath: {{ .Values.config.odl.binDir }}/setenv
name: properties
subPath: setenv
+ - mountPath: {{ .Values.config.odl.etcDir }}/mountpoint-registrar.properties
+ name: properties
+ subPath: mountpoint-registrar.properties
+ - mountPath: {{ .Values.config.odl.etcDir }}/mountpoint-state-provider.properties
+ name: properties
+ subPath: mountpoint-state-provider.properties
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
-# Copyright © 2020 Samsung Electronics
+# Copyright © 2020 Samsung Electronics, highstreet technologies GmbH
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
nodePortPrefix: 302
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
persistence:
login: '{{ .Values.config.scaleoutUser }}'
password: '{{ .Values.config.scaleoutPassword }}'
passwordPolicy: required
-
#################################################################
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
pullPolicy: Always
image: onap/sdnc-image:1.8.4
-
+busyboxRepository: docker.io
+busyboxImage: busybox:1.30
# flag to enable debugging - application support required
debugEnabled: false
etcDir: /opt/opendaylight/etc
binDir: /opt/opendaylight/bin
salConfigDir: /opt/opendaylight/system/org/opendaylight/controller/sal-clustering-config
- salConfigVersion: 1.8.2
+ salConfigVersion: 1.9.1
akka:
seedNodeTimeout: 15s
circuitBreaker:
maxGCPauseMillis: 100
parallelGCThreads : 3
numberGGLogFiles: 10
+ # enables sdnr functionality
+ sdnr:
+ enabled: false
+ # mode: web - SDNC contains device manager only plus dedicated webserver service for ODLUX (default),
+ # mode: dm - SDNC contains sdnr device manager + ODLUX components
+ mode: dm
+ # sdnronly: true starts sdnc container with odl and sdnrwt features only
+ sdnronly: false
+ sdnrdbTrustAllCerts: true
+ mountpointRegistrarEnabled: false
+ mountpointStateProviderEnabled: false
+
+
# dependency / sub-chart configuration
certInitializer:
nameOverride: sdnc-cert-initializer
+ truststoreMountpath: /opt/onap/sdnc/data/stores
fqdn: "sdnc"
app_ns: "org.osaaf.aaf"
fqi: "sdnc@sdnc.onap.org"
cd /opt/app/osaaf/local;
/opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1
+# dependency / sub-chart configuration
+network-name-gen:
+ enabled: true
mariadb-galera: &mariadbGalera
nameOverride: sdnc-db
config: &mariadbGaleraConfig
enabled: false
dmaap-listener:
+ enabled: true
nameOverride: sdnc-dmaap-listener
mariadb-galera:
<<: *mariadbGalera
odlCredsExternalSecret: *odlCredsSecretName
ueb-listener:
+ enabled: true
mariadb-galera:
<<: *mariadbGalera
config:
configDir: /opt/onap/sdnc/data/properties
odlCredsExternalSecret: *odlCredsSecretName
-sdnc-portal:
- mariadb-galera:
- <<: *mariadbGalera
- config:
- <<: *mariadbGaleraConfig
- mysqlDatabase: *sdncDbName
- config:
- sdncChartName: sdnc
- configDir: /opt/onap/sdnc/data/properties
- odlCredsExternalSecret: *odlCredsSecretName
-
sdnc-ansible-server:
+ enabled: true
config:
restCredsExternalSecret: *ansibleSecretName
mariadb-galera:
internalPort: 8000
dgbuilder:
+ enabled: true
nameOverride: sdnc-dgbuilder
config:
db:
- baseaddr: "sdnc-dgbuilder"
name: "sdnc-dgbuilder"
port: 3000
+ - baseaddr: "sdnc-web-service"
+ name: "sdnc-web-service"
+ port: 8443
config:
ssl: "redirect"
+
+
# local elasticsearch cluster
localElasticCluster: true
elasticsearch:
fqi: "sdnc@sdnc.onap.org"
service:
name: sdnrdb
-
master:
replicaCount: 3
# dedicatednode: "yes"
# handles master and data node functionality
dedicatednode: "no"
nameOverride: sdnrdb
-
- curator:
- enabled: true
- nameOverride: sdnrdb
- data:
- enabled: true
- replicaCount: 1
- nameOverride: sdnrdb
-
-
+# enable
+sdnc-web:
+ enabled: false
# default number of instances
replicaCount: 1
nodePortPrefix: 302
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
persistence:
mountPath: /dockerdata-nfs
htpasswdImage: xmartlabs/htpasswd
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
replicas: {{ index .Values.replicaCount }}
minReadySeconds: {{ index .Values.minReadySeconds }}
strategy:
spec:
initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- --job-name
- {{ include "common.release" . }}-so-mariadb-config-job
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
nodePortPrefix: 302
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
persistence:
mountPath: /dockerdata-nfs
#This configuration specifies Service and port for SDNC OAM interface
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
replicas: {{ index .Values.replicaCount }}
minReadySeconds: {{ index .Values.minReadySeconds }}
strategy:
spec:
initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- --job-name
- {{ include "common.release" . }}-so-mariadb-config-job
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
nodePortPrefix: 302
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
persistence:
mountPath: /dockerdata-nfs
-#!/bin/bash
+#!/bin/sh
# ============LICENSE_START=======================================================
-# ONAP
-# ================================================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2020 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
-policy status
+echo "Creating nfvo database . . ." 1>/tmp/mariadb-nfvodb.log 2>&1
+
+prepare_password()
+{
+ echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
+}
+
+NFVO_DB_PASSWORD=`prepare_password $NFVO_DB_PASSWORD`
+
+mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
+CREATE DATABASE /*!32312 IF NOT EXISTS*/ nfvo /*!40100 DEFAULT CHARACTER SET latin1 */;
+DROP USER IF EXISTS '${NFVO_DB_USER}';
+CREATE USER '${NFVO_DB_USER}';
+GRANT ALL on nfvo.* to '${NFVO_DB_USER}' identified by '${NFVO_DB_PASSWORD}' with GRANT OPTION;
+FLUSH PRIVILEGES;
+EOF
+
+echo "Created nfvo database . . ." 1>>/tmp/mariadb-nfvodb.log 2>&1
GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON requestdb.* TO '${DB_USER}'@'%';
GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON catalogdb.* TO '${DB_USER}'@'%';
GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON camundabpmn.* TO '${DB_USER}'@'%';
+GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON nfvo.* TO '${DB_USER}'@'%';
FLUSH PRIVILEGES;
EOF
GRANT ALL PRIVILEGES ON camundabpmn.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON requestdb.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON catalogdb.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
+GRANT ALL PRIVILEGES ON nfvo.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
EOF
command:
- /bin/bash
- -c
- - mysqldump -vv --user=${DB_USER} --password=${DB_PASS} --host=${DB_HOST} --port=${DB_PORT} --databases --single-transaction --quick --lock-tables=false catalogdb requestdb > /var/data/mariadb/backup-`date +%s`.sql
+ - mysqldump -vv --user=${DB_USER} --password=${DB_PASS} --host=${DB_HOST} --port=${DB_PORT} --databases --single-transaction --quick --lock-tables=false catalogdb requestdb nfvo > /var/data/mariadb/backup-`date +%s`.sql
volumeMounts:
- mountPath: /etc/localtime
name: localtime
initContainers:
- name: {{ include "common.name" . }}-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ .Values.global.mariadbGalera.nameOverride }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
containers:
- name: {{ include "common.name" . }}
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "catalog-db-creds" "key" "login") | indent 10 }}
- name: CATALOG_DB_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "catalog-db-creds" "key" "password") | indent 10 }}
+ - name: NFVO_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nfvo-db-creds" "key" "login") | indent 10 }}
+ - name: NFVO_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nfvo-db-creds" "key" "password") | indent 10 }}
volumeMounts:
- mountPath: /etc/localtime
name: localtime
nodePortPrefix: 302
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
ubuntuInitRepository: registry.hub.docker.com
#################################################################
externalSecret: '{{ tpl (default "" .Values.db.catalog.dbCredsExternalSecret) . }}'
login: '{{ .Values.db.catalog.userName }}'
password: '{{ .Values.db.catalog.password }}'
-
-
+ - uid: nfvo-db-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.nfvo.dbCredsExternalSecret) . }}'
+ login: '{{ .Values.db.nfvo.userName }}'
+ password: '{{ .Values.db.nfvo.password }}'
#################################################################
# Application configuration defaults.
userName: cataloguser
password: catalog123
# dbCredsExternalSecret: some secret
+ nfvo:
+ userName: nfvouser
+ # dbCredsExternalSecret: some secret
# application configuration
config:
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
# @author: gareth.roper@ericsson.com
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
replicas: {{ index .Values.replicaCount }}
minReadySeconds: {{ index .Values.minReadySeconds }}
strategy:
nodePortPrefix: 302
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
persistence:
mountPath: /dockerdata-nfs
initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }}
- name: {{ include "common.name" . }}-readiness
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- --job-name
- {{ include "common.release" . }}-so-mariadb-config-job
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
containers:
- name: {{ include "common.name" . }}
nodePortPrefix: 302
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
persistence:
mountPath: /dockerdata-nfs
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
replicas: {{ index .Values.replicaCount }}
minReadySeconds: {{ index .Values.minReadySeconds }}
strategy:
spec:
initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- --job-name
- {{ include "common.release" . }}-so-mariadb-config-job
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
nodePortPrefix: 302
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
persistence:
mountPath: /dockerdata-nfs
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
replicas: {{ index .Values.replicaCount }}
minReadySeconds: {{ index .Values.minReadySeconds }}
strategy:
spec:
initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- --job-name
- {{ include "common.release" . }}-so-mariadb-config-job
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
nodePortPrefix: 302
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
persistence:
mountPath: /dockerdata-nfs
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
replicas: {{ index .Values.replicaCount }}
minReadySeconds: {{ index .Values.minReadySeconds }}
strategy:
spec:
initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- --job-name
- {{ include "common.release" . }}-so-mariadb-config-job
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
nodePortPrefix: 302
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
persistence:
mountPath: /dockerdata-nfs
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
replicas: {{ index .Values.replicaCount }}
minReadySeconds: {{ index .Values.minReadySeconds }}
strategy:
nodePortPrefix: 302
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
persistence:
mountPath: /dockerdata-nfs
#This configuration specifies Service and port for SDNC OAM interface
# limitations under the License.
server:
- port: {{ (index .Values.service.ports 0).port }}
+ port: {{ include "common.getPort" (dict "global" . "name" "http") }}
vevnfmadapter:
endpoint: https://msb-iag:30283/api/{{ include "common.servicename" . }}/v1
initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }}
- name: {{ include "common.name" . }}-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- aai
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
containers:
- name: {{ include "common.name" . }}
#################################################################
global:
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
persistence:
mountPath: /dockerdata-nfs
"version": "v1",
"url": "/",
"protocol": "REST",
- "port": "{{ (index .Values.service.ports 0).port }}",
+ "port": "{{ include "common.getPort" (dict "global" . "name" "http") }}",
"visualRange": "1"
}
]{{ end }}
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
replicas: {{ index .Values.replicaCount }}
minReadySeconds: {{ index .Values.minReadySeconds }}
strategy:
spec:
initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- --job-name
- {{ include "common.release" . }}-so-mariadb-config-job
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
nodePortPrefix: 302
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
persistence:
mountPath: /dockerdata-nfs
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
replicas: {{ index .Values.replicaCount }}
minReadySeconds: {{ index .Values.minReadySeconds }}
strategy:
global:
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
persistence:
mountPath: /dockerdata-nfs
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
replicas: {{ index .Values.replicaCount }}
minReadySeconds: {{ index .Values.minReadySeconds }}
strategy:
initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- name: {{ include "common.name" . }}-readiness
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- --job-name
- {{ include "common.release" . }}-so-mariadb-config-job
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
# See the License for the specific language governing permissions and
# limitations under the License.
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
nodePortPrefix: 302
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
soBaseImage: onap/so/base-image:1.0
# Declare variables to be passed into your templates.
global:
uuiPortPrefix: 303
- readinessRepository: oomk8s
+
subChartsOnly:
enabled: true
# Declare variables to be passed into your templates.
global:
uuiPortPrefix: 303
- readinessRepository: oomk8s
+ readinessImage: onap/oom/readiness:3.0.1
+
subChartsOnly:
enabled: true
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
template:
metadata:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
template:
metadata:
initContainers:
#Example init container for dependency checking
# - command:
-# - /root/ready.py
+# - /app/ready.py
# args:
# - --container-name
# - mariadb
# fieldRef:
# apiVersion: v1
# fieldPath: metadata.namespace
-# image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+# image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
# imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
# name: {{ include "common.name" . }}-readiness
containers:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP VFC - Juju VNFM Driver
-name: vfc-juju-vnfm-driver
-version: 6.0.0
\ No newline at end of file
+++ /dev/null
-###############################################################################
-# Copyright 2016 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-###############################################################################
-log4j.rootLogger=INFO,root
-log4j.logger.org.openo.nfvo=DEBUG,stdout
-log4j.appender.root.Append=true
-
-#Log Directory
-logDir=/var/log/onap
-componentName=vfc
-subComponentName=jujudriver
-log4j.appender.root.File=${logDir}/${componentName}/${subComponentName}/jujuvnfmadapterservice.log
-
-log4j.appender.root.layout.ConversionPattern=%d %-5p [%t][%X{moduleID}][%C %L] %m%n
-log4j.appender.root.layout=org.apache.log4j.PatternLayout
-log4j.appender.root.MaxBackupIndex=50
-log4j.appender.root.MaxFileSize=20MB
-log4j.appender.root=org.apache.log4j.RollingFileAppender
-
-log4j.appender.stdout=org.apache.log4j.ConsoleAppender
-log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
-log4j.appender.stdout.layout.ConversionPattern=%d %-5p [%t][%X{moduleID}][%C %L] %m%n
\ No newline at end of file
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-logging-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- annotations:
- sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
- spec:
- initContainers:
-#Example init container for dependency checking
-# - command:
-# - /root/ready.py
-# args:
-# - --container-name
-# - mariadb
-# env:
-# - name: NAMESPACE
-# valueFrom:
-# fieldRef:
-# apiVersion: v1
-# fieldPath: metadata.namespace
-# image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-# imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-# name: {{ include "common.name" . }}-readiness
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: MSB_PROTO
- value: "{{ .Values.global.config.msbprotocol }}"
- - name: SSL_ENABLED
- value: "{{ .Values.global.config.ssl_enabled }}"
- - name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName}}:{{ .Values.global.config.msbPort }}"
- - name: REG_TO_MSB_WHEN_START
- value: "{{ .Values.global.config.reg_to_msb_when_start }}"
- volumeMounts:
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-logconfig
- mountPath: /opt/vfc/jujudriver/config/log4j.properties
- subPath: log4j.properties
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
-
- # side car containers
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
-
- volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logconfig
- configMap:
- name : {{ include "common.fullname" . }}-logging-configmap
-
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-vfc-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "jujuvnfmdriver",
- "version": "v1",
- "url": "/api/jujuvnfmdriver/v1",
- "protocol": "REST",
- "port": "{{.Values.service.externalPort}}",
- "enable_ssl": {{ .Values.global.config.ssl_enabled }},
- "visualRange":"1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-flavor: small
-
-repository: nexus3.onap.org:10001
-image: onap/vfc/jujudriver:1.3.8
-pullPolicy: Always
-
-#Istio sidecar injection policy
-istioSidecar: true
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config: {}
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 120
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: vfc-juju-vnfm-driver
- portName: vfc-juju-vnfm-driver
- externalPort: 8483
- internalPort: 8483
-# nodePort: 30483
-
-ingress:
- enabled: false
-
-
-# Configure resource requests and limits
-resources:
- small:
- limits:
- cpu: 200m
- memory: 2000Mi
- requests:
- cpu: 100m
- memory: 1000Mi
- large:
- limits:
- cpu: 400m
- memory: 4000Mi
- requests:
- cpu: 200m
- memory: 2000Mi
- unlimited: {}
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP VFC - MultiVIM Proxy
-name: vfc-multivim-proxy
-version: 6.0.0
\ No newline at end of file
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- annotations:
- sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
- spec:
- initContainers:
-#Example init container for dependency checking
-# - command:
-# - /root/ready.py
-# args:
-# - --container-name
-# - mariadb
-# env:
-# - name: NAMESPACE
-# valueFrom:
-# fieldRef:
-# apiVersion: v1
-# fieldPath: metadata.namespace
-# image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-# imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-# name: {{ include "common.name" . }}-readiness
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: MSB_PROTO
- value: "{{ .Values.global.config.msbprotocol }}"
- - name: SSL_ENABLED
- value: "{{ .Values.global.config.ssl_enabled }}"
- - name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- - name: REG_TO_MSB_WHEN_START
- value: "{{ .Values.global.config.reg_to_msb_when_start }}"
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "multivimproxy",
- "version": "v1",
- "url": "/api/multivimproxy/v1",
- "protocol": "REST",
- "port": "{{.Values.service.externalPort}}",
- "enable_ssl": {{ .Values.global.config.ssl_enabled }},
- "visualRange":"1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-flavor: small
-
-repository: nexus3.onap.org:10001
-image: onap/vfc/multivimproxy:1.3.1
-pullPolicy: Always
-
-#Istio sidecar injection policy
-istioSidecar: true
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config: {}
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 120
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: vfc-multivim-proxy
- portName: vfc-multivim-proxy
- externalPort: 8481
- internalPort: 8481
-
-ingress:
- enabled: false
-
-# Configure resource requests and limits
-resources:
- small:
- limits:
- cpu: 200m
- memory: 500Mi
- requests:
- cpu: 100m
- memory: 250Mi
- large:
- limits:
- cpu: 400m
- memory: 1000Mi
- requests:
- cpu: 200m
- memory: 500Mi
- unlimited: {}
\ No newline at end of file
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP VFC - Nokia V2VNFM Driver
-name: vfc-nokia-v2vnfm-driver
-version: 6.0.0
\ No newline at end of file
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- annotations:
- sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
- spec:
- initContainers:
-#Example init container for dependency checking
-# - command:
-# - /root/ready.py
-# args:
-# - --container-name
-# - mariadb
-# env:
-# - name: NAMESPACE
-# valueFrom:
-# fieldRef:
-# apiVersion: v1
-# fieldPath: metadata.namespace
-# image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-# imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-# name: {{ include "common.name" . }}-readiness
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: EXTERNAL_PORT
- value: "8089"
- - name: MSB_PROTO
- value: "{{ .Values.global.config.msbprotocol }}"
- - name: SSL_ENABLED
- value: "{{ .Values.global.config.ssl_enabled }}"
- - name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- - name: REG_TO_MSB_WHEN_START
- value: "{{ .Values.global.config.reg_to_msb_when_start }}"
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "NokiaSVNFM",
- "version": "v1",
- "url": "/api/NokiaSVNFM/v1",
- "protocol": "REST",
- "port": "{{.Values.service.externalPort}}",
- "enable_ssl": {{ .Values.global.config.ssl_enabled }},
- "visualRange":"1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-flavor: small
-
-repository: nexus3.onap.org:10001
-image: onap/vfc/nfvo/svnfm/nokiav2:1.3.6
-pullPolicy: Always
-
-#Istio sidecar injection policy
-istioSidecar: true
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-# Example:
-config: {}
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 120
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: vfc-nokia-v2vnfm-driver
- portName: vfc-nokia-v2vnfm-driver
- externalPort: 8089
- internalPort: 8089
-# nodePort: 13
-
-ingress:
- enabled: false
-
-# Configure resource requests and limits
-resources:
- small:
- limits:
- cpu: 200m
- memory: 5000Mi
- requests:
- cpu: 100m
- memory: 3000Mi
- large:
- limits:
- cpu: 400m
- memory: 7000Mi
- requests:
- cpu: 200m
- memory: 5000Mi
- unlimited: {}
\ No newline at end of file
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
template:
metadata:
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ .Values.config.mariadbService }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
value: "{{ .Values.global.config.mariadb_admin }}"
- name: MYSQL_ROOT_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
- - name: REDIS_ADDR
- value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
+ - name: REDIS_HOST
+ value: "{{ .Values.global.config.redisServiceName }}"
+ - name: REDIS_PORT
+ value: "{{ .Values.global.config.redisPort }}"
- name: REG_TO_MSB_WHEN_START
value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
# limitations under the License.
apiVersion: v1
-description: ONAP VFC - DB
+description: ONAP VFC - REDIS
name: vfc-redis
version: 6.0.0
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
template:
metadata:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{ if .Values.liveness.enabled }}
targetPort: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}2
-
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName }}2
-
{{- end}}
selector:
app: {{ include "common.name" . }}
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
type: ClusterIP
name: vfc-redis
portName: vfc-redis
- externalPort: 3306
- internalPort: 3306
- externalPort2: 6379
- internalPort2: 6379
+ externalPort: 6379
+ internalPort: 6379
ingress:
enabled: false
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP VFC - Resource Manager
-name: vfc-resmgr
-version: 6.0.0
\ No newline at end of file
+++ /dev/null
-###############################################################################
-# Copyright 2016, Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-###############################################################################
-log4j.rootLogger=INFO,root
-log4j.appender.root.Append=true
-
-#Log Directory
-logDir=/var/log/onap
-componentName=vfc
-subComponentName=resmanagement
-log4j.appender.root.File=${logDir}/${componentName}/${subComponentName}/resmanagement.log
-
-log4j.appender.root.layout.ConversionPattern=%d %-5p [%t][%X{moduleID}][%C %L] %m%n
-log4j.appender.root.layout=org.apache.log4j.PatternLayout
-log4j.appender.root.MaxBackupIndex=50
-log4j.appender.root.MaxFileSize=20MB
-log4j.appender.root=org.apache.log4j.RollingFileAppender
\ No newline at end of file
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-logging-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- annotations:
- sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
- spec:
- initContainers:
-#Example init container for dependency checking
-# - command:
-# - /root/ready.py
-# args:
-# - --container-name
-# - mariadb
-# env:
-# - name: NAMESPACE
-# valueFrom:
-# fieldRef:
-# apiVersion: v1
-# fieldPath: metadata.namespace
-# image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-# imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-# name: {{ include "common.name" . }}-readiness
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: MSB_PROTO
- value: "{{ .Values.global.config.msbprotocol }}"
- - name: SSL_ENABLED
- value: "{{ .Values.global.config.ssl_enabled }}"
- - name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- - name: REG_TO_MSB_WHEN_START
- value: "{{ .Values.global.config.reg_to_msb_when_start }}"
- volumeMounts:
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-logconfig
- mountPath: /opt/vfc/resmgr/config/log4j.properties
- subPath: log4j.properties
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
-
- # side car containers
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
-
- volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logconfig
- configMap:
- name : {{ include "common.fullname" . }}-logging-configmap
-
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-vfc-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "resmgr",
- "version": "v1",
- "url": "/api/resmgr/v1",
- "protocol": "REST",
- "port": "{{.Values.service.externalPort}}",
- "enable_ssl": {{ .Values.global.config.ssl_enabled }},
- "visualRange":"1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-flavor: small
-
-repository: nexus3.onap.org:10001
-image: onap/vfc/resmanagement:1.3.1
-pullPolicy: Always
-
-#Istio sidecar injection policy
-istioSidecar: true
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config: {}
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 120
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: vfc-resmgr
- portName: vfc-resmgr
- externalPort: 8480
- internalPort: 8480
-# nodePort: 30480
-
-ingress:
- enabled: false
-
-
-# Configure resource requests and limits
-resources:
- small:
- limits:
- cpu: 200m
- memory: 2000Mi
- requests:
- cpu: 100m
- memory: 1000Mi
- large:
- limits:
- cpu: 400m
- memory: 4000Mi
- requests:
- cpu: 200m
- memory: 2000Mi
- unlimited: {}
\ No newline at end of file
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
template:
metadata:
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ .Values.config.mariadbService }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
value: "{{ .Values.global.config.mariadb_admin }}"
- name: MYSQL_ROOT_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
- - name: REDIS_ADDR
- value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
+ - name: REDIS_HOST
+ value: "{{ .Values.global.config.redisServiceName }}"
+ - name: REDIS_PORT
+ value: "{{ .Values.global.config.redisPort }}"
- name: REG_TO_MSB_WHEN_START
value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
template:
metadata:
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ .Values.config.mariadbService }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
- - name: REDIS_ADDR
- value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
+ - name: REDIS_HOST
+ value: "{{ .Values.global.config.redisServiceName }}"
+ - name: REDIS_PORT
+ value: "{{ .Values.global.config.redisPort }}"
- name: MYSQL_ROOT_USER
value: "{{ .Values.global.config.mariadb_admin }}"
- name: MYSQL_ROOT_PASSWORD
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
template:
metadata:
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ .Values.config.mariadbService }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
- - name: REDIS_ADDR
- value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
+ - name: REDIS_HOST
+ value: "{{ .Values.global.config.redisServiceName }}"
+ - name: REDIS_PORT
+ value: "{{ .Values.global.config.redisPort }}"
- name: MYSQL_ROOT_USER
value: "{{ .Values.global.config.mariadb_admin }}"
- name: MYSQL_ROOT_PASSWORD
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP VFC - Workflow Engine
-name: vfc-workflow-engine
-version: 6.0.0
\ No newline at end of file
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- annotations:
- sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
- spec:
- initContainers:
-#Example init container for dependency checking
-# - command:
-# - /root/ready.py
-# args:
-# - --container-name
-# - mariadb
-# env:
-# - name: NAMESPACE
-# valueFrom:
-# fieldRef:
-# apiVersion: v1
-# fieldPath: metadata.namespace
-# image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-# imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-# name: {{ include "common.name" . }}-readiness
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: MSB_PROTO
- value: "{{ .Values.global.config.msbprotocol }}"
- - name: SSL_ENABLED
- value: "{{ .Values.global.config.ssl_enabled }}"
- - name: SERVICE_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- - name: SERVICE_PORT
- value: "{{ .Values.config.workflowPort }}"
- - name: OPENPALETTE_MSB_IP
- value: "{{ .Values.global.config.msbServiceName }}"
- - name: OPENPALETTE_MSB_PORT
- value: "{{ .Values.global.config.msbPort | default 80 }}"
- - name: REG_TO_MSB_WHEN_START
- value: "{{ .Values.global.config.reg_to_msb_when_start }}"
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "workflow-engine",
- "version": "v1",
- "url": "/activiti-rest",
- "protocol": "REST",
- "port": "{{.Values.service.externalPort}}",
- "enable_ssl": {{ .Values.global.config.ssl_enabled }},
- "visualRange":"1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-flavor: small
-
-repository: nexus3.onap.org:10001
-image: onap/vfc/wfengine-activiti:1.3.3
-pullPolicy: Always
-
-#Istio sidecar injection policy
-istioSidecar: true
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config: {}
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 120
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: vfc-workflow-engine
- portName: vfc-workflow-engine
- externalPort: 8080
- internalPort: 8080
-# nodePort: 30807
-
-ingress:
- enabled: false
-
-# Configure resource requests and limits
-resources:
- small:
- limits:
- cpu: 200m
- memory: 2000Mi
- requests:
- cpu: 100m
- memory: 1000Mi
- large:
- limits:
- cpu: 400m
- memory: 4000Mi
- requests:
- cpu: 200m
- memory: 2000Mi
- unlimited: {}
\ No newline at end of file
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP VFC - Workflow
-name: vfc-workflow
-version: 6.0.0
\ No newline at end of file
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- annotations:
- sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
- spec:
- initContainers:
-#Example init container for dependency checking
-# - command:
-# - /root/ready.py
-# args:
-# - --container-name
-# - mariadb
-# env:
-# - name: NAMESPACE
-# valueFrom:
-# fieldRef:
-# apiVersion: v1
-# fieldPath: metadata.namespace
-# image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-# imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-# name: {{ include "common.name" . }}-readiness
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: MSB_PROTO
- value: "{{ .Values.global.config.msbprotocol }}"
- - name: SSL_ENABLED
- value: "{{ .Values.global.config.ssl_enabled }}"
- - name: SERVICE_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- - name: SERVICE_PORT
- value: "{{ .Values.service.externalPort }}"
- - name: OPENPALETTE_MSB_IP
- value: "{{ .Values.global.config.msbServiceName }}"
- - name: OPENPALETTE_MSB_PORT
- value: "{{ .Values.global.config.msbPort | default 80 }}"
- - name: REG_TO_MSB_WHEN_START
- value: "{{ .Values.global.config.reg_to_msb_when_start }}"
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "workflow",
- "version": "v1",
- "url": "/api/workflow/v1",
- "protocol": "REST",
- "port": "{{.Values.service.externalPort}}",
- "enable_ssl": {{ .Values.global.config.ssl_enabled }},
- "visualRange":"1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-flavor: small
-
-repository: nexus3.onap.org:10001
-image: onap/vfc/wfengine-mgrservice:1.3.3
-pullPolicy: Always
-
-#Istio sidecar injection policy
-istioSidecar: true
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config: {}
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 120
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: vfc-workflow
- portName: vfc-workflow
- externalPort: 10550
- internalPort: 10550
-# nodePort: 30805
-
-ingress:
- enabled: false
-
-
-# Configure resource requests and limits
-resources:
- small:
- limits:
- cpu: 200m
- memory: 500Mi
- requests:
- cpu: 100m
- memory: 250Mi
- large:
- limits:
- cpu: 400m
- memory: 1000Mi
- requests:
- cpu: 200m
- memory: 500Mi
- unlimited: {}
\ No newline at end of file
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP VFC - ZTE SDNC Driver
-name: vfc-zte-sdnc-driver
-version: 6.0.0
\ No newline at end of file
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- annotations:
- sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
- spec:
- initContainers:
-#Example init container for dependency checking
-# - command:
-# - /root/ready.py
-# args:
-# - --container-name
-# - mariadb
-# env:
-# - name: NAMESPACE
-# valueFrom:
-# fieldRef:
-# apiVersion: v1
-# fieldPath: metadata.namespace
-# image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-# imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-# name: {{ include "common.name" . }}-readiness
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: MSB_PROTO
- value: "{{ .Values.global.config.msbprotocol }}"
- - name: SSL_ENABLED
- value: "{{ .Values.global.config.ssl_enabled }}"
- - name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- - name: REG_TO_MSB_WHEN_START
- value: "{{ .Values.global.config.reg_to_msb_when_start }}"
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "ztesdncdriver",
- "version": "v1",
- "url": "/api/ztesdncdriver/v1",
- "protocol": "REST",
- "port": "{{.Values.service.externalPort}}",
- "enable_ssl": {{ .Values.global.config.ssl_enabled }},
- "visualRange":"1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-flavor: small
-
-repository: nexus3.onap.org:10001
-image: onap/vfc/ztesdncdriver:1.3.1
-pullPolicy: Always
-
-#Istio sidecar injection policy
-istioSidecar: true
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config: {}
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 120
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: vfc-zte-sdnc-driver
- portName: vfc-zte-sdnc-drive
- externalPort: 8411
- internalPort: 8411
-# nodePort: 30411
-
-ingress:
- enabled: false
-
-
-# Configure resource requests and limits
-resources:
- small:
- limits:
- cpu: 200m
- memory: 500Mi
- requests:
- cpu: 100m
- memory: 250Mi
- large:
- limits:
- cpu: 400m
- memory: 1000Mi
- requests:
- cpu: 200m
- memory: 500Mi
- unlimited: {}
\ No newline at end of file
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
template:
metadata:
initContainers:
#Example init container for dependency checking
# - command:
-# - /root/ready.py
+# - /app/ready.py
# args:
# - --container-name
# - mariadb
# fieldRef:
# apiVersion: v1
# fieldPath: metadata.namespace
-# image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+# image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
# imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
# name: {{ include "common.name" . }}-readiness
containers:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
template:
metadata:
spec:
initContainers:
- command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- --job-name
- {{ include "common.fullname" . }}-galera-config
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
initContainers:
#This container checks that all galera instances are up before initializing it.
- name: {{ include "common.name" . }}-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
- --container-name
- {{ index .Values "mariadb-galera" "service" "name" }}
env:
# Declare variables to be passed into your templates.
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
name: {{ include "common.name" . }}-update-config
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- "{{ .Values.postgres.nameOverride }}"
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
restartPolicy: Never
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- "{{ .Values.postgres.nameOverride }}"
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy}}
name: {{ include "common.name" . }}-readiness
containers:
global:
nodePortPrefix: 302
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
envsubstImage: dibi/envsubst
Code Review / oom.git / commitdiff