.. Links
.. _Prometheus stack README: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack#readme
.. _ONAP Next Generation Security & Logging Structure: https://wiki.onap.org/pages/viewpage.action?pageId=103417456
-.. _Istio best practices: https://docs.solo.io/gloo-mesh-enterprise/latest/setup/prod/namespaces/
.. _Istio setup guide: https://istio.io/latest/docs/setup/install/helm/
.. _Kiali setup guide: https://kiali.io/docs/installation/installation-guide/example-install/
.. _Kserve setup guide: https://kserve.github.io/website/0.10/admin/kubernetes_deployment/
ONAP is currenty planned to support Istio as default ServiceMesh platform.
Therefor the following instructions describe the setup of Istio and required tools.
-Used `Istio best practices`_ and `Istio setup guide`_
+Used `Istio setup guide`_
.. _oom_base_optional_addons_istio_installation:
container:
name: postgres
-image: onap/cps-and-ncmp:3.2.1
+image: onap/cps-and-ncmp:3.2.6
containerPort: &svc_port 8080
managementPort: &mgt_port 8081
onap:
cps: {{ .Values.logging.cps }}
+{{- with (first .Values.kafkaUser.acls) }}
+spring.kafka.consumer.group-id: {{ .name }}
+{{- end }}
spring.kafka.bootstrap-servers: {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
spring.kafka.security.protocol: SASL_PLAINTEXT
-spring.kafka.properties.sasl.mechanism: SCRAM-SHA-512
+spring.kafka.properties.sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
spring.kafka.properties.sasl.jaas.config: ${SASL_JAAS_CONFIG}
{{- if .Values.config.additional }}
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-core-creds" "key" "login") | indent 12 }}
- name: CPS_CORE_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-core-creds" "key" "password") | indent 12 }}
+ - name: SASL_JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
volumeMounts:
- mountPath: /config-input
name: init-data-input
env:
- name: SPRING_PROFILES_ACTIVE
value: {{ .Values.config.spring.profile }}
+ - name: SASL_JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
resources: {{ include "common.resources" . | nindent 10 }}
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 12 }}
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
\ No newline at end of file
virtualhost:
baseurl: "simpledemo.onap.org"
-image: onap/ncmp-dmi-plugin:1.2.2
+image: onap/ncmp-dmi-plugin:1.3.0
containerPort: &svc_port 8080
managementPort: &mgt_port 8081
type: RollingUpdate
maxUnavailable: 0
maxSurge: 1
+
+# Strimzi KafkaUser config
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: ncmp-dmi-plugin-group
+ type: group
+ operations: [Read]
+ - name: ncmp-dmi-cm-avc-subscription-ncmp-dmi-plugin
+ type: topic
+ operations: [Read]
+ - name: dmi-ncmp-cm-avc-subscription
+ type: topic
+ operations: [Write]
+ - name: ncmp-async-m2m
+ type: topic
+ operations: [Write]
Code Review / oom.git / commitdiff