============== =========== ======= ======== ======== ============= ========
London 1.23.8 3.8.2 1.23.x 20.10.x 1.12.2 0.35.0
Montreal 1.27.5 3.12.3 1.27.x 20.10.x 1.13.2 0.36.1
- New Delhi 1.27.5 3.12.3 1.27.x 20.10.x 1.13.2 0.36.3
+ New Delhi 1.27.5 3.12.3 1.27.x 20.10.x 1.13.2 0.40.0
============== =========== ======= ======== ======== ============= ========
.. table:: OOM Software Requirements (production)
repository: nexus3.onap.org:10001
repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
# readiness check
- readinessImage: onap/oom/readiness:6.0.2
+ readinessImage: onap/oom/readiness:6.0.3
# logging agent
loggingRepository: docker.elastic.co
{{ else }}
- /app/ready.py
args:
- - --app-name
- {{- if .Values.global.cassandra.localCluster }}
- - aai-cassandra
- {{- else }}
- - cassandra
- {{- end }}
- - --container-name
+ - --service-name
+ - {{ .Values.global.cassandra.serviceName }}
+ - --service-name
- aai-schema-service
{{ end }}
env:
- command:
- /bin/bash
- -c
- - /app/ready.py --app-name aai-cassandra --timeout 1 || /app/ready.py --app-name cassandra
+ - /app/ready.py --service-name {{ .Values.global.cassandra.serviceName }}
env:
- name: NAMESPACE
valueFrom:
- command:
- /app/ready.py
args:
- - --app-name
- {{- if .Values.global.cassandra.localCluster }}
- - aai-cassandra
- {{- else }}
- - cassandra
- {{- end }}
- - --container-name
+ - --service-name
+ - {{ .Values.global.cassandra.serviceName }}
+ - --service-name
- aai-schema-service
env:
- name: NAMESPACE
- command:
- /app/ready.py
args:
- - --app-name
- {{- if .Values.global.cassandra.localCluster }}
- - aai-cassandra
- {{- else }}
- - cassandra
- {{- end }}
- - --container-name
+ - --service-name
+ - {{ .Values.global.cassandra.serviceName }}
+ - --service-name
- aai-schema-service
env:
- name: NAMESPACE
- command:
- /bin/bash
- -c
- - /app/ready.py --app-name aai-cassandra --timeout 1 || /app/ready.py --app-name cassandra
+ - /app/ready.py --service-name {{ .Values.global.cassandra.serviceName }}
env:
- name: NAMESPACE
valueFrom:
- --job-name
- {{ include "common.release" . }}-aai-graphadmin-create-db-schema
{{- else }}
- - --app-name
- {{- if .Values.global.cassandra.localCluster }}
- - aai-cassandra
- {{- else }}
- - cassandra
- {{- end }}
- - --container-name
+ - --service-name
+ - {{ .Values.global.cassandra.serviceName }}
+ - --service-name
- aai-schema-service
{{- end }}
{{- end }}
- command:
- /app/ready.py
args:
- - --container-name
+ - --service-name
- aai
env:
- name: NAMESPACE
- --job-name
- {{ include "common.release" . }}-aai-graphadmin-create-db-schema
{{- else }}
- - --app-name
- {{- if .Values.global.cassandra.localCluster }}
- - aai-cassandra
- {{- else }}
- - cassandra
- {{- end }}
- - --container-name
+ - --service-name
+ - {{ .Values.global.cassandra.serviceName }}
+ - --service-name
- aai-schema-service
{{- end }}
{{- end }}
- command:
- /app/ready.py
args:
- - --container-name
+ - --service-name
- aai
env:
- name: NAMESPACE
- command:
- /app/ready.py
args:
- - --container-name
+ - --service-name
- aai-resources
- - --container-name
+ - --service-name
- aai-traversal
- - --container-name
+ - --service-name
- aai-graphadmin
env:
- name: NAMESPACE
image: "{{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- - mountPath: /dev/log
- name: aai-service-log
- mountPath: /usr/local/etc/haproxy/haproxy.cfg
{{ if .Values.global.installSidecarSecurity }}
subPath: haproxy-pluggable-security.cfg
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: aai-service-log
- hostPath:
- path: "/dev/log"
- name: haproxy-cfg
configMap:
name: aai-deployment-configmap
dockerhubRepository: docker.io
busyboxImage: busybox
- readinessImage: onap/oom/readiness:6.0.2
+ readinessImage: onap/oom/readiness:6.0.3
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers:
- {{- if .Values.global.mariadbGalera.localCluster }}
- {{- if .Values.global.mariadbGalera.useOperator }}
- {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_local_operator ) | indent 6 | trim }}
- {{ else }}
- {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_local ) | indent 6 | trim }}
- {{- end }}
- {{ else }}
- {{- if .Values.global.mariadbGalera.useOperator }}
- {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_global_operator ) | indent 6 | trim }}
- {{ else }}
- {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_global ) | indent 6 | trim }}
- {{- end }}
- {{- end }}
+ initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
- command:
- sh
args:
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: {{ .Values.config.appConfigDir }}/application.properties
name: processed-config
subPath: application.properties
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}-configmap
unlimited: {}
readinessCheck:
- wait_for_global_operator:
- pods:
- - '{{ .Values.global.mariadbGalera.nameOverride }}-0'
- wait_for_local_operator:
- pods:
- - '{{ .Values.config.cdsDB.dbServer }}-0'
- wait_for_global:
- apps:
- - '{{ .Values.global.mariadbGalera.nameOverride }}'
- wait_for_local:
- apps:
- - '{{ .Values.config.cdsDB.dbServer }}'
+ wait_for:
+ services:
+ - '{{ .Values.global.mariadbGalera.service }}'
#Pods Service Account
serviceAccount:
- command:
- /app/ready.py
args:
- - --container-name
- - cds-blueprints-processor
+ - --service-name
+ - cds-blueprints-processor-http
env:
- name: NAMESPACE
valueFrom:
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: {{ .Values.persistence.deployedBlueprint }}
name: {{ include "common.fullname" . }}-blueprints
resources: {{ include "common.resources" . | nindent 12 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: {{ include "common.fullname" . }}-blueprints
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
- name: ARTIFACT_MANAGER_SERVER_LOG_FILE
value: {{ .Values.config.artifactManagerLogFile }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: {{ .Values.persistence.deployedBlueprint }}
name: {{ include "common.fullname" . }}-blueprints
resources:
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
# Py executor shares the blueprintsprocessor storage (for now) to
# share uploaded CBA files. In the future it will be deprecated
# when all parts of the CDS will make use of Artifact Manager
- command:
- /app/ready.py
args:
- - --container-name
+ - --service-name
- sdc-be
- - --container-name
- - cds-blueprints-processor
+ - --service-name
+ - cds-blueprints-processor-http
env:
- name: NAMESPACE
valueFrom:
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
{{- include "common.imagePullSecrets" . | nindent 6 }}
apiVersion: v1
fieldPath: metadata.namespace
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
{{- range $i := until (int .Values.replicaCount)}}
- mountPath: /onap-data/cassandra-{{ $i }}
name: data-dir-{{ $i }}
volumeMounts:
- name: backup-dir
mountPath: /backup
- - name: localtime
- mountPath: /etc/localtime
- readOnly: true
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: scripts
configMap:
name: {{ include "common.fullname" . }}-configmap
volumeMounts:
- name: {{ include "common.fullname" . }}-data
mountPath: /var/lib/cassandra
- - name: localtime
- mountPath: /etc/localtime
- readOnly: true
- name: cassandra-entrypoint
mountPath: /docker-entrypoint.sh
subPath: docker-entrypoint.sh
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "nothing" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
{{- range $key, $value := .Values.configOverrides }}
- name: cassandra-config-{{ $key | replace "." "-" }}
configMap:
superuserPassword: &superuserpassword cassandra
casOptions:
authorizer: AllowAllAuthorizer
+ read_request_timeout: 10000ms
write_request_timeout: 10000ms
counter_write_request_timeout: 15000ms
jvmOptions:
heap_initial_size: 512M
- heap_max_size: 4096M
+ heap_max_size: 8192M
hostNetwork: false
datacenters:
- name: dc1
podAnnotations:
# sidecar.istio.io/inject: "false"
- traffic.sidecar.istio.io/excludeInboundPorts: "7000,7001"
+ traffic.sidecar.istio.io/excludeInboundPorts: "7000,7001,7199,50051"
traffic.sidecar.istio.io/includeInboundPorts: '*'
- traffic.sidecar.istio.io/excludeOutboundPorts: "7000,7001"
- prometheus.io/scrape: 'true'
- prometheus.io/port: '8080'
+ traffic.sidecar.istio.io/excludeOutboundPorts: "7000,7001,7199,50051"
podManagementPolicy: OrderedReady
updateStrategy:
resources:
limits:
cpu: "2"
- memory: "8Gi"
+ memory: "16Gi"
requests:
cpu: "0.2"
memory: "2.5Gi"
apiVersion: v2
description: Common templates for inclusion in other charts
name: common
-version: 13.1.0
+version: 13.2.0
commonLabels:
app: {{ .Values.k8ssandraOperator.config.clusterName }}-reaper
version: {{ .Values.k8ssandraOperator.cassandraVersion }}
+ {{- if .Values.metrics.enabled }}
+ telemetry:
+ prometheus:
+ enabled: true
+ mcac:
+ enabled: false
+ cassandra:
+ endpoint:
+ address: 0.0.0.0
+ {{- end }}
{{- end }}
{{ if .Values.k8ssandraOperator.stargate.enabled -}}
stargate:
storage: {{ .Values.k8ssandraOperator.persistence.size }}
superuserSecretRef:
name: {{ include "common.fullname" . }}-{{ .Values.k8ssandraOperator.config.secretName }}
+ {{- if .Values.metrics.enabled }}
+ telemetry:
+ prometheus:
+ enabled: true
+ mcac:
+ enabled: false
+ cassandra:
+ endpoint:
+ address: 0.0.0.0
+ {{- end }}
config:
{{ if .Values.k8ssandraOperator.config.casOptions -}}
cassandraYaml:
{{- index .Values "mariadb-galera" "nameOverride" -}}
{{- end }}
{{- else -}}
- {{- if .Values.global.mariadbGalera.useOperator }}
- {{- printf "%s-primary" (.Values.global.mariadbGalera.service) }}
- {{- else }}
{{- .Values.global.mariadbGalera.service -}}
- {{- end }}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
- Create MariDB Database via mariadb-operator
+ Create MariaDB Database via mariadb-operator
*/}}
{{- define "common.mariadbOpDatabase" -}}
{{- $dot := default . .dot -}}
{{- $dbname := (required "'dbame' param, is required." .dbname) -}}
{{- $dbinst := (required "'dbinst' param, is required." .dbinst) -}}
---
-apiVersion: mariadb.mmontes.io/v1alpha1
+apiVersion: k8s.mariadb.com/v1alpha1
kind: Database
metadata:
name: {{ $dbinst }}-{{ $dbname }}
{{- $dbinst := (required "'dbinst' param, is required." .dbinst) -}}
{{- $dbsecret := (required "'dbsecret' param, is required." .dbsecret) -}}
---
-apiVersion: mariadb.mmontes.io/v1alpha1
+apiVersion: k8s.mariadb.com/v1alpha1
kind: User
metadata:
name: {{ $dbinst }}-{{ $dbuser }}
name: {{ $dbuser }}
mariaDbRef:
name: {{ $dbinst }}
+ waitForIt: true
passwordSecretKeyRef:
name: {{ $dbsecret }}
key: password
{{- $dbname := (required "'dbame' param, is required." .dbname) -}}
{{- $dbinst := (required "'dbinst' param, is required." .dbinst) -}}
---
-apiVersion: mariadb.mmontes.io/v1alpha1
+apiVersion: k8s.mariadb.com/v1alpha1
kind: Grant
metadata:
name: {{ $dbuser }}-{{ $dbname }}-{{ $dbinst }}
spec:
mariaDbRef:
name: {{ $dbinst }}
+ waitForIt: true
privileges:
- "ALL"
database: {{ $dbname }}
{{- $dbinst := include "common.name" $dot -}}
{{- $name := default $dbinst $dot.Values.backup.nameOverride -}}
---
-apiVersion: mariadb.mmontes.io/v1alpha1
+apiVersion: k8s.mariadb.com/v1alpha1
kind: Backup
metadata:
name: {{ $name }}
spec:
+ inheritMetadata:
+ labels:
+ sidecar.istio.io/inject: 'false'
+ backoffLimit: 5
+ logLevel: info
mariaDbRef:
name: {{ $dbinst }}
+ waitForIt: true
schedule:
cron: {{ $dot.Values.backup.cron }}
suspend: false
{{- $dbrootsecret := tpl (default (include "common.mariadb.secret.rootPassSecretName" (dict "dot" $dot "chartName" "")) $dot.Values.rootUser.externalSecret) $dot -}}
{{- $dbusersecret := tpl (default (include "common.mariadb.secret.userCredentialsSecretName" (dict "dot" $dot "chartName" "")) $dot.Values.db.externalSecret) $dot -}}
---
-apiVersion: mariadb.mmontes.io/v1alpha1
+apiVersion: k8s.mariadb.com/v1alpha1
kind: MariaDB
metadata:
name: {{ $dbinst }}
annotations: {{ toYaml .Values.podAnnotations | nindent 6 }}
{{- end }}
labels:
+ # temporarily test mariaDB without sidecar (fix initial Job, Backup and Metrics)
+ # will be obsolete with "native-sidecars" feature in K8S and Istio
+ sidecar.istio.io/inject: "false"
app: {{ $dbinst }}
version: {{ .Values.mariadbOperator.appVersion }}
rootPasswordSecretKeyRef:
enabled: true
authDelegatorRoleName: {{ $dbinst }}-auth
gracefulShutdownTimeout: 5s
+ primary:
+ automaticFailover: true
+ podIndex: 0
recovery:
enabled: true
- clusterHealthyTimeout: 5m0s
+ clusterHealthyTimeout: 30s
clusterBootstrapTimeout: 10m0s
- podRecoveryTimeout: 5m0s
- podSyncTimeout: 10m0s
+ minClusterSize: 50%
+ podRecoveryTimeout: 3m0s
+ podSyncTimeout: 3m0s
initContainer:
image: {{ include "repositoryGenerator.githubContainerRegistry" . }}/{{ $dot.Values.mariadbOperator.galera.initImage }}:{{ $dot.Values.mariadbOperator.galera.initVersion }}
imagePullPolicy: IfNotPresent
- volumeClaimTemplate:
- {{- if .Values.mariadbOperator.storageClassName }}
- storageClassName: {{ .Values.mariadbOperator.storageClassName }}
- {{- end }}
- resources:
- requests:
- storage: 50Mi
- accessModes:
- - ReadWriteOnce
+ config:
+ reuseStorageVolume: false
+ volumeClaimTemplate:
+ {{- if .Values.mariadbOperator.persistence.storageClassName }}
+ storageClassName: {{ .Values.mariadbOperator.persistence.storageClassName }}
+ {{- end }}
+ resources:
+ requests:
+ storage: 50Mi
+ accessModes:
+ - ReadWriteOnce
{{- end }}
livenessProbe:
exec:
initialDelaySeconds: 20
periodSeconds: 10
timeoutSeconds: 5
- {{- if default false .Values.global.metrics.enabled }}
+ {{- if default false $dot.Values.global.metrics.enabled }}
metrics:
enabled: true
{{- end }}
requiredDuringSchedulingIgnoredDuringExecution:
- topologyKey: kubernetes.io/hostname
tolerations:
- - key: mariadb.mmontes.io/ha
+ - key: k8s.mariadb.com/ha
operator: Exists
effect: NoSchedule
podDisruptionBudget:
key: my.cnf
name: {{ printf "%s-configuration" (include "common.fullname" $dot) }}
resources: {{ include "common.resources" . | nindent 4 }}
- volumeClaimTemplate:
- {{- if $dot.Values.mariadbOperator.storageClassName }}
- storageClassName: {{ $dot.Values.mariadbOperator.storageClassName }}
+ storage:
+ {{- if $dot.Values.mariadbOperator.persistence.storageClassName }}
+ storageClassName: {{ $dot.Values.mariadbOperator.persistence.storageClassName }}
{{- end }}
- resources:
- requests:
- storage: {{ $dot.Values.mariadbOperator.persistence.size | quote }}
- accessModes:
- - ReadWriteOnce
+ size: {{ $dot.Values.mariadbOperator.persistence.size | quote }}
{{- if $dot.Values.db.user }}
{{ include "common.mariadbOpUser" (dict "dot" . "dbuser" $dot.Values.db.user "dbinst" $dbinst "dbsecret" $dbusersecret) }}
{{- end }}
value: "{{ .Values.config.appRole }}"
- name: KEY_PREFIX
value: "{{ .Values.config.keyPrefix }}"
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
resources: {{ include "common.resources" . | nindent 10 }}
{{ include "common.waitForJobContainer" . | indent 6 | trim }}
{{- if .Values.nodeSelector }}
affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
restartPolicy: Never
{{- include "common.imagePullSecrets" . | nindent 6 }}
apiVersion: v2
description: Chart for MariaDB Galera cluster
name: mariadb-galera
-version: 13.1.0
+version: 13.2.0
keywords:
- mariadb
- mysql
name: tmp-data
- mountPath: /opt/bitnami/mariadb/tmp
name: tmp
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- name: backup-dir
mountPath: /backup
{{- include "common.imagePullSecrets" . | nindent 10 }}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: data
persistentVolumeClaim:
{{- if .Values.persistence.existingClaim }}
mariadbOperator:
image: mariadb
- appVersion: 11.1.2
+ appVersion: 11.2.2
persistence:
#storageClassName: default
size: 3Gi
galera:
enabled: true
- agentImage: mariadb-operator/agent
- agentVersion: v0.0.3
- initImage: mariadb-operator/init
- initVersion: v0.0.6
+ agentImage: mariadb-operator/mariadb-operator
+ agentVersion: v0.0.27
+ initImage: mariadb-operator/mariadb-operator
+ initVersion: v0.0.27
## String to partially override common.names.fullname template (will maintain the release name)
##
# sidecar.istio.io/inject: "false"
traffic.sidecar.istio.io/excludeInboundPorts: "4444,4567,4568"
traffic.sidecar.istio.io/includeInboundPorts: '*'
- traffic.sidecar.istio.io/excludeOutboundPorts: "4444,4567,4568"
+ traffic.sidecar.istio.io/excludeOutboundPorts: "4444,4567,4568,443"
mariadbOpConfiguration: |-
[mysqld]
{{- include "common.secret.envFromSecretFast" (dict "global" $root "uid" $db "key" "password") | indent 10 }}
{{ end }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- name: mariadb-init
mountPath: /db_init/
{{- if or .Values.dbScriptConfigMap .Values.dbScript }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
{{- if or .Values.dbScriptConfigMap .Values.dbScript }}
- name: mariadb-conf
configMap:
content: mariadb-galera
- equal:
path: spec.template.spec.initContainers[0].image
- value: nexus3.onap.org:10001/onap/oom/readiness:6.0.2
+ value: nexus3.onap.org:10001/onap/oom/readiness:6.0.3
- equal:
path: spec.template.spec.initContainers[0].imagePullPolicy
value: IfNotPresent
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /config-input/setup.sql
name: config
subPath: setup.sql
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: config
configMap:
name: {{ include "common.fullname" . }}
{{ toYaml $dot.Values.affinity | indent 10 }}
{{- end }}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: {{ include "common.fullname" $dot }}-backup
emptyDir: {}
- name: {{ include "common.fullname" $dot }}-data
mariadbImage: bitnami/mariadb:10.5.8
nginxImage: bitnami/nginx:1.21.4
postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1
- readinessImage: onap/oom/readiness:6.0.2
+ readinessImage: onap/oom/readiness:6.0.3
dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1
drProvClientImage: onap/dmaap/datarouter-prov-client:2.1.15
- quitQuitImage: onap/oom/readiness:6.0.2
+ quitQuitImage: onap/oom/readiness:6.0.3
# Default credentials
# they're optional. If the target repository doesn't need them, comment them
readinessCheck:
wait_for:
- - '{{ ternary .Values.postgres.service.name "postgres" .Values.global.postgres.localCluster }}'
+ services:
+ - '{{ .Values.global.postgres.service.name2 }}'
minReadySeconds: 10
updateStrategy:
readinessCheck:
wait_for:
- - cps-temporal-db
+ services:
+ - cps-temporal-db
minReadySeconds: 10
updateStrategy:
readinessCheck:
wait_for:
- - cps-core
+ services:
+ - cps-core
minReadySeconds: 10
updateStrategy:
# to be sure that we can provision the DR feed that's needed
readinessCheck:
wait_for:
- containers:
+ services:
- dmaap-dr-node
- message-router
# Dependencies
readinessCheck:
wait_for:
- - dcae-datalake-feeder
+ services:
+ - dl-feeder
# Probe Configuration
readiness:
# Dependencies
readinessCheck:
wait_for:
- - dcae-datalake-feeder
+ services:
+ - dl-feeder
# Probe Configuration
readiness:
path: /var/log/ONAP/dcaegen2/services/datalake
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
-# Dependencies
-readinessCheck:
- wait_for:
- - &postgresName dcae-datalake-postgres
-
# Probe Configuration
readiness:
initialDelaySeconds: 90
# Application configuration Overriding Defaults in the Postgres.
#################################################################
postgres:
- nameOverride: *postgresName
+ nameOverride: &postgresName dcae-datalake-postgres
service:
name: *postgresName
name2: dcae-datalake-pg-primary
pgDatabase: datalake
pgUserExternalSecret: *pgUserCredsSecretName
+readinessCheck:
+ wait_for:
+ services:
+ - '{{ .Values.postgres.service.name2 }}'
+
#Pods Service Account
serviceAccount:
nameOverride: dcae-datalake-feeder
path: /var/log/ONAP/dcaegen2/services/heartbeat
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
-# Dependencies
-readinessCheck:
- wait_for:
- - &postgresName dcae-heartbeat-postgres
- - message-router
-
# Probe Configuration
readiness:
initialDelaySeconds: 10
# Application configuration Overriding Defaults in the Postgres.
#################################################################
postgres:
- nameOverride: *postgresName
+ nameOverride: &postgresName dcae-heartbeat-postgres
service:
name: *postgresName
name2: dcae-heartbeat-pg-primary
pgDatabase: heartbeat
pgUserExternalSecret: *pgUserCredsSecretName
+# Dependencies
+readinessCheck:
+ wait_for:
+ services:
+ - '{{ .Values.postgres.service.name2 }}'
+ - message-router
+
#Pods Service Account
serviceAccount:
nameOverride: dcae-heartbeat
# Dependencies
readinessCheck:
wait_for:
- - message-router
+ services:
+ - message-router
# Probe Configuration
readiness:
# subscription to the feed.
readinessCheck:
wait_for:
- containers:
- - dcae-datafile-collector
+ services:
+ - datafile-collector
# Probe Configuration
readiness:
path: /var/log/ONAP/dcaegen2/services/pmsh
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
-# Dependencies
-readinessCheck:
- wait_for:
- - &postgresName dcae-pmsh-postgres
- - message-router
-
# Probe Configuration
readiness:
initialDelaySeconds: 10
# Application configuration Overriding Defaults in the Postgres.
#################################################################
postgres:
- nameOverride: *postgresName
+ nameOverride: &postgresName dcae-pmsh-postgres
service:
name: *postgresName
name2: *dcaePmshPgPrimary
pgDatabase: pmsh
pgUserExternalSecret: *pgUserCredsSecretName
+# Dependencies
+readinessCheck:
+ wait_for:
+ services:
+ - '{{ .Values.postgres.service.name2 }}'
+ - message-router
+
#Pods Service Account
serviceAccount:
nameOverride: dcae-pmsh
# Dependencies
readinessCheck:
wait_for:
- - message-router
+ services:
+ - message-router
# Probe Configuration
readiness:
path: /var/log/ONAP/dcaegen2/services/sliceanalysisms
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
-# Dependencies
-readinessCheck:
- wait_for:
- - &postgresName dcae-sliceanalysisms-postgres
- - message-router
-
# Probe Configuration
readiness:
initialDelaySeconds: 60
# Application configuration Overriding Defaults in the Postgres.
#################################################################
postgres:
- nameOverride: *postgresName
+ nameOverride: &postgresName dcae-sliceanalysisms-postgres
service:
name: *postgresName
name2: dcae-sliceanalysisms-pg-primary
pgDatabase: sliceanalysisms
pgUserExternalSecret: *pgUserCredsSecretName
+# Dependencies
+readinessCheck:
+ wait_for:
+ services:
+ - '{{ .Values.postgres.service.name2 }}'
+ - message-router
+
#Pods Service Account
serviceAccount:
nameOverride: dcae-slice-analysis-ms
# Dependencies
readinessCheck:
wait_for:
- - message-router
+ services:
+ - message-router
# Probe Configuration
readiness:
# policyID: |
# '["com.Config_PCIMS_CONFIG_POLICY"]'
-# Dependencies
-readinessCheck:
- wait_for:
- - &postgresName dcae-sonhms-postgres
- - message-router
-
# Probe Configuration
readiness:
initialDelaySeconds: 10
# Application configuration Overriding Defaults in the Postgres.
#################################################################
postgres:
- nameOverride: *postgresName
+ nameOverride: &postgresName dcae-sonhms-postgres
service:
name: *postgresName
name2: *dcaeSonhmsPgPrimary
pgDatabase: sonhms
pgUserExternalSecret: *pgUserCredsSecretName
+# Dependencies
+readinessCheck:
+ wait_for:
+ services:
+ - '{{ .Values.postgres.service.name2 }}'
+ - message-router
+
#Pods Service Account
serviceAccount:
nameOverride: dcae-son-handler
# dependencies
readinessCheck:
wait_for:
- - message-router
+ services:
+ - message-router
# probe configuration
readiness:
# Dependencies
readinessCheck:
wait_for:
- - message-router
+ services:
+ - message-router
# Service Configuration
service:
readinessCheck:
wait_for:
- - sdc-be
+ services:
+ - sdc-be
flavor: small
resources:
name: {{ include "common.fullname" . }}-spool
- mountPath: {{ .Values.persistence.event.path }}
name: {{ include "common.fullname" . }}-event-logs
- - mountPath: /etc/localtime
- name: localtime
- readOnly: false
- mountPath: /opt/app/datartr/etc/node.properties
name: {{ include "common.fullname" . }}-config
subPath: node.properties
{{- include "common.imagePullSecrets" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}-node-props
readinessCheck:
wait_for:
- - dmaap-dr-prov
+ services:
+ - dmaap-dr-prov
- name: DB_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-credentials" "key" "password") | indent 12 }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: false
- mountPath: /opt/app/datartr/etc/provserver.properties
name: {{ include "common.fullname" . }}-config
subPath: provserver.properties
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}-configmap
ports: {{ include "common.containerPorts" . | nindent 10 }}
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
- httpGet:
- path: /events/__strimzi-topic-operator-kstreams-topic-store-changelog/CG1/C1
+ tcpSocket:
port: {{ .Values.liveness.port }}
- scheme: HTTP
- failureThreshold: {{ .Values.liveness.failureThreshold }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
- successThreshold: {{ .Values.liveness.successThreshold }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ successThreshold: {{ .Values.liveness.successThreshold }}
+ failureThreshold: {{ .Values.liveness.failureThreshold }}
{{ end }}
readinessProbe:
tcpSocket:
successThreshold: {{ .Values.readiness.successThreshold }}
failureThreshold: {{ .Values.readiness.failureThreshold }}
startupProbe:
- httpGet:
- path: /events/__strimzi-topic-operator-kstreams-topic-store-changelog/CG1/C1
- port: {{ .Values.startup.port }}
- scheme: HTTP
- failureThreshold: {{ .Values.startup.failureThreshold }}
+ tcpSocket:
+ port: {{ .Values.startup.port }}
initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }}
periodSeconds: {{ .Values.startup.periodSeconds }}
- successThreshold: {{ .Values.startup.successThreshold }}
timeoutSeconds: {{ .Values.startup.timeoutSeconds }}
+ successThreshold: {{ .Values.startup.successThreshold }}
+ failureThreshold: {{ .Values.startup.failureThreshold }}
env:
- name: JAASLOGIN
valueFrom:
- name: useZkTopicStore
value: "false"
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /appl/dmaapMR1/bundleconfig/etc/appprops/MsgRtrApi.properties
subPath: MsgRtrApi.properties
name: appprops
name: cluster-ca-certs
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: appprops
configMap:
name: {{ include "common.fullname" . }}-msgrtrapi-prop-configmap
#Example environment variable passed to container
# - name: DEBUG_FLAG
# value: {{ .Values.global.debugEnabled | default .Values.debugEnabled | quote }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
#Example config file mount into container
+# volumeMounts:
# - mountPath: /opt/app/application.properties
# name: {{ include "common.name" . }}-config
# subPath: application.properties
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
#Example config file mount into container
+# volumes:
# - name: {{ include "common.fullname" . }}-config
# configMap:
# name: {{ include "common.fullname" . }}-configmap
jobs:
- '{{ include "common.release" . }}-holmes-postgres-init-config-job'
wait_for_local:
- - '{{ .Values.global.postgres.container.name }}'
+ services:
+ - '{{ .Values.global.postgres.service.name2 }}'
#Pods Service Account
serviceAccount:
jobs:
- '{{ include "common.release" . }}-holmes-postgres-init-config-job'
wait_for_local:
- - '{{ .Values.global.postgres.container.name }}'
+ services:
+ - '{{ .Values.global.postgres.service.name2 }}'
#Pods Service Account
serviceAccount:
- /app/ready.py
args:
{{- if .Values.global.mariadbGalera.localCluster }}
- - --app-name
- - {{ index .Values "mariadb-galera" "nameOverride" }}
+ - --service-name
+ - {{ index .Values "mariadb-galera" "service" "name" }}
{{- else }}
- --job-name
- {{ include "common.release" . }}-etsicatalog-db-config-job
cpu: "3m"
memory: "20Mi"
{{ if .Values.config.msb_enabled }}
- {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for.msb ) | indent 6 | trim }}
+ {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
{{ end }}
- command:
- /bin/sh
volumeMounts:
- name: {{ include "common.fullname" . }}-etsicatalog
mountPath: /service/modeling/etsicatalog/static
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- name: {{ include "common.fullname" . }}-logs
mountPath: {{ .Values.log.path }}
- name: {{ include "common.fullname" . }}-logconfig
{{- else }}
emptyDir: {}
{{- end }}
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- name: {{ include "common.fullname" . }}-logconfig
readinessCheck:
wait_for:
- msb:
- name: msb
- containers:
- - msb-iag
+ services:
+ - msb-iag
#################################################################
# Secrets metaconfig
- command:
- /app/ready.py
args:
- - --container-name
+ - --service-name
- msb-discovery
env:
- name: NAMESPACE
value: {{ .Values.config.kubeMasterUrl }}
- name: MSB_URL
value: {{tpl $.Values.config.discoveryUrl .}}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
{{- include "common.imagePullSecrets" . | nindent 6 }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /usr/local/bin/docker-entrypoint.sh
name: entrypoint
subPath: docker-entrypoint.sh
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: entrypoint
configMap:
name: {{ include "common.fullname" . }}-entrypoint
- command:
- /app/ready.py
args:
- - --container-name
+ - --service-name
- msb-consul
env:
- name: NAMESPACE
- name: CONSUL_IP
value: msb-consul.{{ include "common.namespace" . }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /usr/local/discover-works/logs
name: {{ include "common.fullname" . }}-logs
resources: {{ include "common.resources" . | nindent 12 }}
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- - name: localtime
- hostPath:
- path: /etc/localtime
{{- include "common.imagePullSecrets" . | nindent 6 }}
- command:
- /app/ready.py
args:
- - --container-name
+ - --service-name
- msb-discovery
env:
- name: NAMESPACE
- name: ROUTE_LABELS
value: {{ .Values.config.routeLabels }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /usr/local/apiroute-works/logs
name: {{ include "common.fullname" . }}-logs
resources: {{ include "common.resources" . | nindent 12 }}
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- - name: localtime
- hostPath:
- path: /etc/localtime
{{- include "common.imagePullSecrets" . | nindent 6 }}
- command:
- /app/ready.py
args:
- - --container-name
+ - --service-name
- msb-discovery
env:
- name: NAMESPACE
- name: ROUTE_LABELS
value: {{ .Values.config.routeLabels }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /usr/local/apiroute-works/logs
name: {{ include "common.fullname" . }}-logs
resources: {{ include "common.resources" . | nindent 12 }}
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- - name: localtime
- hostPath:
- path: /etc/localtime
{{- include "common.imagePullSecrets" . | nindent 6 }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /opt/multicloud/k8splugin/k8sconfig.json
name: {{ include "common.name" .}}
subPath: k8sconfig.json
key: sasl.jaas.config
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name : {{ include "common.name" . }}
configMap:
name: {{ include "common.fullname" . }}
value: "msb-discovery.{{ include "common.namespace" . }}"
- name: MSB_DISCOVERY_PORT
value: "10081"
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
{{- include "common.imagePullSecrets" . | nindent 6 }}
#repository: nexus3.onap.org:10001
# readiness check
- readinessImage: onap/oom/readiness:6.0.2
+ readinessImage: onap/oom/readiness:6.0.3
# logging agent - temporary repo until images migrated to nexus3
loggingRepository: docker.elastic.co
password: docker
# readiness check
- readinessImage: onap/oom/readiness:6.0.2
+ readinessImage: onap/oom/readiness:6.0.3
# logging agent - temporary repo until images migrated to nexus3
loggingRepository: docker.elastic.co
postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1
# readiness check image
- readinessImage: onap/oom/readiness:6.0.2
+ readinessImage: onap/oom/readiness:6.0.3
# image pull policy
pullPolicy: Always
periodSeconds: {{ .Values.readiness.periodSeconds }}
env: {{ include "oof.etcd.env" . | nindent 10 }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /usr/local/etc/conductor/conductor.conf
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: conductor.conf
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /opt/bitnami/nginx/conf/nginx.conf
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: nginx.conf
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: {{ .Values.global.commonConfigPrefix }}-config
configMap:
name: {{ .Values.global.commonConfigPrefix }}-configmap
readinessCheck:
wait_for:
- - oof-has-controller
+ apps:
+ - oof-has-controller
#Pods Service Account
serviceAccount:
periodSeconds: {{ .Values.readiness.periodSeconds }}
env: {{ include "oof.etcd.env" . | nindent 10 }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /usr/local/bin/conductor.conf
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: conductor.conf
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: {{ .Values.global.commonConfigPrefix }}-config
configMap:
name: {{ .Values.global.commonConfigPrefix }}-configmap
periodSeconds: {{ .Values.readiness.periodSeconds }}
env: {{ include "oof.etcd.env" . | nindent 10 }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /usr/local/bin/conductor.conf
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: conductor.conf
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: {{ .Values.global.commonConfigPrefix }}-config
configMap:
name: {{ .Values.global.commonConfigPrefix }}-configmap
{{ end -}}
env: {{ include "oof.etcd.env" . | nindent 10 }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /usr/local/bin/conductor.conf
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: conductor.conf
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: {{ .Values.global.commonConfigPrefix }}-config
configMap:
name: {{ .Values.global.commonConfigPrefix }}-configmap
periodSeconds: {{ .Values.readiness.periodSeconds }}
env: {{ include "oof.etcd.env" . | nindent 10 }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /usr/local/bin/conductor.conf
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: conductor.conf
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: {{ .Values.global.commonConfigPrefix }}-config
configMap:
name: {{ .Values.global.commonConfigPrefix }}-configmap
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /opt/osdf/config/osdf_config.yaml
name: {{ include "common.fullname" . }}-config
subPath: osdf_config.yaml
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}-configmap
readinessCheck:
wait_for:
- - policy-xacml-pdp
+ services:
+ - policy-xacml-pdp
#Pods Service Account
serviceAccount:
- name: repositoryGenerator
version: ~13.x-0
repository: '@local'
- - name: readinessCheck
- version: ~13.x-0
- repository: '@local'
- name: serviceAccount
version: ~13.x-0
repository: '@local'
# Global
global:
nodePortPrefix: 302
- readinessImage: onap/oom/readiness:6.0.2
+ readinessImage: onap/oom/readiness:6.0.3
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
busyboxRepository: registry.hub.docker.com
memory: "60Mi"
readinessCheck:
wait_for:
- - oom-cert-service
+ services:
+ - oom-cert-service
# CMPv2Issuer
cmpv2issuer:
command:
- /app/ready.py
args:
- - --container-name
+ - --service-name
- ejbca-ejbca
env:
- name: NAMESPACE
- name: serviceAccount
version: ~13.x-0
repository: '@local'
- - name: readinessCheck
- version: ~13.x-0
- repository: '@local'
"useHttps": false,
"fetchTimeout": 15000,
"servers": [ "${KAFKA_URL}" ],
-{{ if .Values.global.useStrimziKafkaPf }}
"topicCommInfrastructure": "kafka",
"additionalProps": {
"group.id" : "${GROUP_ID}",
"security.protocol": "SASL_PLAINTEXT",
"sasl.mechanism": "${SASL}",
"sasl.jaas.config": "${JAASLOGIN}"
- }
-{{ else }}
- "topicCommInfrastructure": "dmaap"
-{{ end }}
- }],
+ }}],
"topicSinks" : [{
"topic": "${PAP_TOPIC}",
"useHttps": false,
"servers": [ "${KAFKA_URL}" ],
-{{ if .Values.global.useStrimziKafkaPf }}
"topicCommInfrastructure": "kafka",
"additionalProps": {
"group.id" : "${GROUP_ID}",
"sasl.mechanism": "${SASL}",
"sasl.jaas.config": "${JAASLOGIN}"
}
-{{ else }}
- "topicCommInfrastructure": "dmaap"
-{{ end }}
}]
}
}
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
-{{- if not .Values.global.useStrimziKafkaPf }}
-{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
-{{- end }}
- command: ["/bin/sh", "-cx"]
-{{- if .Values.global.useStrimziKafkaPf }}
args:
- JAASLOGIN=`echo $JAASLOGIN | tr -d '"'`;
cd /config-input && for PFILE in `ls -1`;
do envsubst <${PFILE} >/config/${PFILE}; done
-{{ else }}
- args:
- - cd /config-input && for PFILE in `ls -1`;
- do envsubst <${PFILE} >/config/${PFILE}; done
-{{ end }}
env:
- name: RESTSERVER_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 10 }}
-{{- if .Values.global.useStrimziKafkaPf }}
- name: JAASLOGIN
valueFrom:
secretKeyRef:
name: {{ include "common.name" . }}-ku
key: sasl.jaas.config
- name: KAFKA_URL
- value: {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ value: {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
- name: SASL
value: {{ .Values.kafkaUser.authenticationType | upper }}
- name: GROUP_ID
value: {{ .Values.config.kafka.consumer.groupId }}
- name: PAP_TOPIC
value: {{ .Values.config.app.listener.policyPdpPapTopic }}
-{{ else }}
- - name: KAFKA_URL
- value: message-router
- - name: PAP_TOPIC
- value: {{ .Values.config.app.listener.policyPdpPapTopic | upper }}
-{{- end }}
volumeMounts:
- mountPath: /config-input
name: apexconfig-input
- name: REPLICAS
value: "{{ .Values.replicaCount }}"
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /var/log/onap
name: policy-logs
- mountPath: /home/apexuser/config
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: policy-logs
emptyDir: {}
- name: apexconfig-input
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{ if .Values.global.useStrimziKafkaPf }}
{{ include "common.kafkauser" . }}
-{{ end }}
+
global:
nodePortPrefix: 302
persistence: {}
- useStrimziKafkaPf: set-via-parent-chart-global-value
#################################################################
# Secrets metaconfig
serviceMesh:
authorizationPolicy:
authorizedPrincipals:
- - serviceAccount: message-router-read
+ - serviceAccount: strimzi-kafka-read
# Resource Limit flavor -By Default using small
# Segregation for Different environment (Small and Large)
# application configuration
config:
# Event consumption (kafka) properties
- useStrimziKafkaPf: true
- kafkaBootstrap: strimzi-kafka-bootstrap
kafka:
consumer:
groupId: policy-apex
app:
listener:
policyPdpPapTopic: policy-pdp-pap
-# If targeting a custom kafka cluster, ie useStrimziKakfa: false
-# uncomment below config and target your kafka bootstrap servers,
-# along with any other security config.
-#
-# eventConsumption:
-# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
-# spring.kafka.security.protocol: PLAINTEXT
-# spring.kafka.consumer.group-id: policy-group
-#
-# Any new property can be added in the env by setting in overrides in the format mentioned below
-# All the added properties must be in "key: value" format instead of yaml.
+
kafkaUser:
authenticationType: scram-sha-512
acls:
type: topic
patternType: prefix
operations: [Create, Describe, Read, Write]
-
-readinessCheck:
- wait_for:
- - message-router
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeout }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /opt/app/policy/api/etc/mounted
name: apiconfig-processed
resources: {{ include "common.resources" . | nindent 12 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: apiconfig
configMap:
name: {{ include "common.fullname" . }}-configmap
- name: serviceAccount
version: ~13.x-0
repository: '@local'
- - name: readinessCheck
- version: ~13.x-0
- repository: '@local'
useHttps: false
fetchTimeout: 15000
topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
- {{ if .Values.global.useStrimziKafka }}
topicCommInfrastructure: kafka
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
additionalProps:
group.id: {{ (first .Values.kafkaUser.acls).name }}
allow.auto.create.topics: false
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${SASL_JAAS_CONFIG}
- {{ else }}
- topicCommInfrastructure: dmaap
- servers:
- - ${topicServer:message-router}
- {{ end }}
topicSinks:
-
useHttps: false
fetchTimeout: 15000
topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
- {{ if .Values.global.useStrimziKafka }}
topicCommInfrastructure: kafka
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
additionalProps:
client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${SASL_JAAS_CONFIG}
- {{ else }}
- topicCommInfrastructure: dmaap
- servers:
- - ${topicServer:message-router}
- {{ end }}
participantSupportedElementTypes:
-
typeName: org.onap.policy.clamp.acm.A1PMSAutomationCompositionElement
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
-{{- if not .Values.global.useStrimziKafka }}
-{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
-{{- end }}
- command:
- sh
args:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
-{{- if .Values.global.useStrimziKafka }}
- name: SASL_JAAS_CONFIG
valueFrom:
secretKeyRef:
name: {{ include "common.name" . }}-ku
key: sasl.jaas.config
-{{- end }}
volumeMounts:
- mountPath: /config-input
name: ac-a1pms-ppnt-config
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /opt/app/policy/clamp/etc/mounted
name: ac-a1pms-ppnt-config-processed
resources: {{ include "common.resources" . | nindent 12 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: ac-a1pms-ppnt-config
configMap:
name: {{ include "common.fullname" . }}-configmap
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{ if .Values.global.useStrimziKafka }}
{{ include "common.kafkauser" . }}
-{{ end }}
\ No newline at end of file
#################################################################
global:
persistence: {}
- #Strimzi Kafka properties
- useStrimziKafka: set-via-parent-chart-global-value
kafkaTopics:
acRuntimeTopic:
name: &acRuntimeTopic policy.clamp-runtime-acm
serviceMesh:
authorizationPolicy:
authorizedPrincipals:
- - serviceAccount: message-router-read
+ - serviceAccount: strimzi-kafka-read
# probe configuration parameters
liveness:
- name: *acRuntimeTopic
type: topic
operations: [Read, Write]
-
-readinessCheck:
- wait_for:
- - message-router
\ No newline at end of file
- name: serviceAccount
version: ~13.x-0
repository: '@local'
- - name: readinessCheck
- version: ~13.x-0
- repository: '@local'
+
useHttps: false
fetchTimeout: 15000
topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
- {{ if .Values.global.useStrimziKafka }}
topicCommInfrastructure: kafka
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
additionalProps:
group.id: {{ (first .Values.kafkaUser.acls).name }}
allow.auto.create.topics: false
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${SASL_JAAS_CONFIG}
- {{ else }}
- topicCommInfrastructure: dmaap
- servers:
- - ${topicServer:message-router}
- {{ end }}
topicSinks:
-
useHttps: false
fetchTimeout: 15000
topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
- {{ if .Values.global.useStrimziKafka }}
topicCommInfrastructure: kafka
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
additionalProps:
client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${SASL_JAAS_CONFIG}
- {{ else }}
- topicCommInfrastructure: dmaap
- servers:
- - ${topicServer:message-router}
- {{ end }}
participantSupportedElementTypes:
-
typeName: org.onap.policy.clamp.acm.HttpAutomationCompositionElement
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
-{{- if not .Values.global.useStrimziKafka }}
-{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
-{{- end }}
- command:
- sh
args:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
-{{- if .Values.global.useStrimziKafka }}
- name: SASL_JAAS_CONFIG
valueFrom:
secretKeyRef:
name: {{ include "common.name" . }}-ku
key: sasl.jaas.config
-{{- end }}
volumeMounts:
- mountPath: /config-input
name: ac-http-ppnt-config
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /opt/app/policy/clamp/etc/mounted
name: ac-http-ppnt-config-processed
resources: {{ include "common.resources" . | nindent 12 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: ac-http-ppnt-config
configMap:
name: {{ include "common.fullname" . }}-configmap
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{ if .Values.global.useStrimziKafka }}
{{ include "common.kafkauser" . }}
-{{ end }}
\ No newline at end of file
global:
persistence: {}
#Strimzi Kafka properties
- useStrimziKafka: set-via-parent-chart-global-value
kafkaTopics:
acRuntimeTopic:
name: &acRuntimeTopic policy.clamp-runtime-acm
serviceMesh:
authorizationPolicy:
authorizedPrincipals:
- - serviceAccount: message-router-read
+ - serviceAccount: strimzi-kafka-read
# probe configuration parameters
liveness:
- name: *acRuntimeTopic
type: topic
operations: [Read, Write]
-
-readinessCheck:
- wait_for:
- - message-router
\ No newline at end of file
- name: serviceAccount
version: ~13.x-0
repository: '@local'
- - name: readinessCheck
- version: ~13.x-0
- repository: '@local'
useHttps: false
fetchTimeout: 15000
topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
- {{ if .Values.global.useStrimziKafka }}
topicCommInfrastructure: kafka
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
additionalProps:
group.id: {{ (first .Values.kafkaUser.acls).name }}
allow.auto.create.topics: false
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${SASL_JAAS_CONFIG}
- {{ else }}
- topicCommInfrastructure: dmaap
- servers:
- - ${topicServer:message-router}
- {{ end }}
topicSinks:
-
useHttps: false
fetchTimeout: 15000
topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
- {{ if .Values.global.useStrimziKafka }}
topicCommInfrastructure: kafka
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
additionalProps:
client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${SASL_JAAS_CONFIG}
- {{ else }}
- topicCommInfrastructure: dmaap
- servers:
- - ${topicServer:message-router}
- {{ end }}
participantSupportedElementTypes:
-
typeName: org.onap.policy.clamp.acm.K8SMicroserviceAutomationCompositionElement
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
-{{- if not .Values.global.useStrimziKafka }}
-{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
-{{- end }}
- command:
- sh
args:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
-{{- if .Values.global.useStrimziKafka }}
- name: SASL_JAAS_CONFIG
valueFrom:
secretKeyRef:
name: {{ include "common.name" . }}-ku
key: sasl.jaas.config
-{{- end }}
volumeMounts:
- mountPath: /config-input
name: ac-k8s-ppnt-config
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /opt/app/policy/clamp/etc/mounted
name: ac-k8s-ppnt-config-processed
resources: {{ include "common.resources" . | nindent 12 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: ac-k8s-ppnt-config
configMap:
name: {{ include "common.fullname" . }}-configmap
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{ if .Values.global.useStrimziKafka }}
{{ include "common.kafkauser" . }}
-{{ end }}
\ No newline at end of file
nodePortPrefixExt: 304
persistence: {}
#Strimzi Kafka properties
- useStrimziKafka: set-via-parent-chart-global-value
kafkaTopics:
acRuntimeTopic:
name: &acRuntimeTopic policy.clamp-runtime-acm
serviceMesh:
authorizationPolicy:
authorizedPrincipals:
- - serviceAccount: message-router-read
+ - serviceAccount: strimzi-kafka-read
flavor: small
resources:
type: topic
operations: [Read, Write]
-readinessCheck:
- wait_for:
- - message-router
- name: serviceAccount
version: ~13.x-0
repository: '@local'
- - name: readinessCheck
- version: ~13.x-0
- repository: '@local'
\ No newline at end of file
useHttps: false
fetchTimeout: 15000
topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
- {{ if .Values.global.useStrimziKafka }}
topicCommInfrastructure: kafka
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
additionalProps:
group.id: {{ (first .Values.kafkaUser.acls).name }}
allow.auto.create.topics: false
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${SASL_JAAS_CONFIG}
- {{ else }}
- topicCommInfrastructure: dmaap
- servers:
- - ${topicServer:message-router}
- {{ end }}
topicSinks:
-
useHttps: false
fetchTimeout: 15000
topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
- {{ if .Values.global.useStrimziKafka }}
topicCommInfrastructure: kafka
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
additionalProps:
client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${SASL_JAAS_CONFIG}
- {{ else }}
- topicCommInfrastructure: dmaap
- servers:
- - ${topicServer:message-router}
- {{ end }}
participantSupportedElementTypes:
-
typeName: org.onap.policy.clamp.acm.KserveAutomationCompositionElement
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
-{{- if not .Values.global.useStrimziKafka }}
-{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
-{{- end }}
- command:
- sh
args:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
-{{- if .Values.global.useStrimziKafka }}
- name: SASL_JAAS_CONFIG
valueFrom:
secretKeyRef:
name: {{ include "common.name" . }}-ku
key: sasl.jaas.config
-{{- end }}
volumeMounts:
- mountPath: /config-input
name: ac-kserve-ppnt-config
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /opt/app/policy/clamp/etc/mounted
name: ac-kserve-ppnt-config-processed
resources: {{ include "common.resources" . | nindent 12 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: ac-kserve-ppnt-config
configMap:
name: {{ include "common.fullname" . }}-configmap
# See the License for the specific language governing permissions and\r
# limitations under the License.\r
*/}}\r
-{{ if .Values.global.useStrimziKafka }}\r
{{ include "common.kafkauser" . }}\r
-{{ end }}
\ No newline at end of file
global:
persistence: {}
#Strimzi Kafka properties
- useStrimziKafka: set-via-parent-chart-global-value
kafkaTopics:
acRuntimeTopic:
name: &acRuntimeTopic policy.clamp-runtime-acm
serviceMesh:
authorizationPolicy:
authorizedPrincipals:
- - serviceAccount: message-router-read
+ - serviceAccount: strimzi-kafka-read
# probe configuration parameters
liveness:
- name: *acRuntimeTopic
type: topic
operations: [Read, Write]
-
-readinessCheck:
- wait_for:
- - message-router
\ No newline at end of file
- name: serviceAccount
version: ~13.x-0
repository: '@local'
- - name: readinessCheck
- version: ~13.x-0
- repository: '@local'
useHttps: false
fetchTimeout: 15000
topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
- {{ if .Values.global.useStrimziKafka }}
topicCommInfrastructure: kafka
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
additionalProps:
group.id: {{ (first .Values.kafkaUser.acls).name }}
allow.auto.create.topics: false
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${SASL_JAAS_CONFIG}
- {{ else }}
- topicCommInfrastructure: dmaap
- servers:
- - ${topicServer:message-router}
- {{ end }}
topicSinks:
-
useHttps: false
fetchTimeout: 15000
topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
- {{ if .Values.global.useStrimziKafka }}
topicCommInfrastructure: kafka
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
additionalProps:
client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${SASL_JAAS_CONFIG}
- {{ else }}
- topicCommInfrastructure: dmaap
- servers:
- - ${topicServer:message-router}
- {{ end }}
participantSupportedElementTypes:
-
typeName: org.onap.policy.clamp.acm.PolicyAutomationCompositionElement
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
-{{- if not .Values.global.useStrimziKafka }}
-{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
-{{- end }}
- command:
- sh
args:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
-{{- if .Values.global.useStrimziKafka }}
- name: SASL_JAAS_CONFIG
valueFrom:
secretKeyRef:
name: {{ include "common.name" . }}-ku
key: sasl.jaas.config
-{{- end }}
volumeMounts:
- mountPath: /config-input
name: ac-pf-ppnt-config
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /opt/app/policy/clamp/etc/mounted
name: ac-pf-ppnt-config-processed
resources: {{ include "common.resources" . | nindent 12 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: ac-pf-ppnt-config
configMap:
name: {{ include "common.fullname" . }}-configmap
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{ if .Values.global.useStrimziKafka }}
{{ include "common.kafkauser" . }}
-{{ end }}
\ No newline at end of file
global:
persistence: {}
#Strimzi Kafka properties
- useStrimziKafka: set-via-parent-chart-global-value
kafkaTopics:
acRuntimeTopic:
name: &acRuntimeTopic policy.clamp-runtime-acm
serviceMesh:
authorizationPolicy:
authorizedPrincipals:
- - serviceAccount: message-router-read
+ - serviceAccount: strimzi-kafka-read
# probe configuration parameters
liveness:
- name: *acRuntimeTopic
type: topic
operations: [Read, Write]
-
-readinessCheck:
- wait_for:
- - message-router
- name: serviceAccount
version: ~13.x-0
repository: '@local'
- - name: readinessCheck
- version: ~13.x-0
- repository: '@local'
+
useHttps: false
fetchTimeout: 15000
topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
- {{ if .Values.global.useStrimziKafka }}
topicCommInfrastructure: kafka
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
additionalProps:
group.id: {{ (first .Values.kafkaUser.acls).name }}
allow.auto.create.topics: false
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${SASL_JAAS_CONFIG}
- {{ else }}
- topicCommInfrastructure: dmaap
- servers:
- - ${topicServer:message-router}
- {{ end }}
topicSinks:
-
useHttps: false
fetchTimeout: 15000
topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
- {{ if .Values.global.useStrimziKafka }}
topicCommInfrastructure: kafka
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
additionalProps:
client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${SASL_JAAS_CONFIG}
- {{ else }}
- topicCommInfrastructure: dmaap
- servers:
- - ${topicServer:message-router}
- {{ end }}
acmParameters:
toscaElementName: {{ .Values.customNaming.toscaElementName }}
toscaCompositionName: {{ .Values.customNaming.toscaCompositionName }}
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
-{{- if not .Values.global.useStrimziKafka }}
-{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
-{{- end }}
- command:
- /app/ready.py
args:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "login") | indent 10 }}
- name: RUNTIME_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "password") | indent 10 }}
-{{- if .Values.global.useStrimziKafka }}
- name: SASL_JAAS_CONFIG
valueFrom:
secretKeyRef:
name: {{ include "common.name" . }}-ku
key: sasl.jaas.config
-{{- end }}
volumeMounts:
- mountPath: /config-input
name: ac-runtime-config
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /opt/app/policy/clamp/etc/mounted
name: ac-runtime-config-processed
resources: {{ include "common.resources" . | nindent 12 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: ac-runtime-config
configMap:
name: {{ include "common.fullname" . }}-configmap
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{ if .Values.global.useStrimziKafka }}
{{ include "common.kafkauser" . }}
-{{ end }}
\ No newline at end of file
nodePortPrefixExt: 304
persistence: {}
#Strimzi Kafka properties
- useStrimziKafka: set-via-parent-chart-global-value
kafkaTopics:
acRuntimeTopic:
name: &acRuntimeTopic policy.clamp-runtime-acm
serviceMesh:
authorizationPolicy:
authorizedPrincipals:
- - serviceAccount: message-router-read
+ - serviceAccount: strimzi-kafka-read
- serviceAccount: policy-gui-read
flavor: small
roles:
- read
-readinessCheck:
- wait_for:
- - message-router
-
wait_for_job_container:
containers:
- '{{ include "common.release" . }}-policy-galera-config'
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /opt/app/policy/distribution/etc/mounted
name: distributionconfig
resources: {{ include "common.resources" . | nindent 12 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: distributionconfig-input
configMap:
name: {{ include "common.fullname" . }}-configmap
# PDP-D DMaaP configuration channel
-PDPD_CONFIGURATION_TOPIC=PDPD-CONFIGURATION
-PDPD_CONFIGURATION_SERVERS=message-router
+PDPD_CONFIGURATION_TOPIC=pdpd_configuration
+PDPD_CONFIGURATION_SERVERS={{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
PDPD_CONFIGURATION_CONSUMER_GROUP=
PDPD_CONFIGURATION_CONSUMER_INSTANCE=
PDPD_CONFIGURATION_PARTITION_KEY=
# PAP-PDP configuration channel
-POLICY_PDP_PAP_TOPIC=POLICY-PDP-PAP
+POLICY_PDP_PAP_TOPIC=policy-pdp-pap
POLICY_PDP_PAP_GROUP=defaultGroup
POLICY_PDP_PAP_POLICYTYPES=onap.policies.controlloop.operational.common.Drools
# DCAE DMaaP
-DCAE_TOPIC=unauthenticated.DCAE_CL_OUTPUT
-DCAE_SERVERS=message-router
+DCAE_TOPIC=unauthenticated.dcae_cl_output
+DCAE_SERVERS={{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
DCAE_CONSUMER_GROUP=dcae.policy.shared
# Open DMaaP
-DMAAP_SERVERS=message-router
+KAFKA_SERVERS={{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
DMAAP_HTTPS="false"
# AAI
# limitations under the License.
*/}}
-POOLING_TOPIC=POOLING
+POOLING_TOPIC=pooling
--- /dev/null
+{{/*
+# Copyright © 2024 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
- command:
- /app/ready.py
args:
- - --container-name
+ - --service-name
- {{ .Values.nexus.name }}
env:
- name: NAMESPACE
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ - name: KAFKA_URL
+ value: {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
+ - name: SASL
+ value: {{ .Values.kafkaUser.authenticationType | upper }}
+ - name: GROUP_ID
+ value: {{ .Values.config.kafka.consumer.groupId }}
+ - name: PAP_TOPIC
+ value: {{ .Values.config.app.listener.policyPdpPapTopic }}
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
- name: SQL_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
{{- range $path, $bytes := .Files.Glob "resources/secrets/*" }}
- mountPath: /tmp/policy-install/config/{{ base $path }}
name: drools-secret
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: drools-config
configMap:
name: {{ include "common.fullname" . }}-configmap
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-pdpd-cl:2.1.0
+image: onap/policy-pdpd-cl:2.1.1
pullPolicy: Always
# flag to enable debugging - application support required
serviceMesh:
authorizationPolicy:
authorizedPrincipals:
- - serviceAccount: message-router-read
+ - serviceAccount: strimzi-kafka-read
server:
jvmOpts: -server -XshowSettings:vm
chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
release: '{{ include "common.release" . }}'
heritage: '{{ .Release.Service }}'
+
+config:
+ # Event consumption (kafka) properties
+ kafka:
+ consumer:
+ groupId: policy-drools-pdp
+ app:
+ listener:
+ policyPdpPapTopic: policy-pdp-pap
+
+# Strimzi Kafka config
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: policy-drools-pdp
+ type: group
+ operations: [ Create, Describe, Read, Write ]
+ - name: policy-pdp-pap
+ type: topic
+ patternType: prefix
+ operations: [ Create, Describe, Read, Write ]
- command:
- /app/ready.py
args:
- - --container-name
+ - --service-name
- policy-clamp-runtime-acm
env:
- name: NAMESPACE
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /sonatype-work
name: nexus-data
resources:
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "nothing" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: nexus-data
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
- name: serviceAccount
version: ~13.x-0
repository: '@local'
- - name: readinessCheck
- version: ~13.x-0
- repository: '@local'
name: PapGroup
aaf: false
topic:
- {{ if .Values.global.useStrimziKafkaPf }}
pdp-pap.name: {{ .Values.config.kafka.topics.policyPdpPap }}
notification.name: {{ .Values.config.kafka.topics.policyNotification }}
heartbeat.name: {{ .Values.config.kafka.topics.policyHeartbeat }}
- {{ else }}
- pdp-pap.name: {{ .Values.dmaap.topics.policyPdpPap }}
- notification.name: {{ .Values.dmaap.topics.policyNotification }}
- heartbeat.name: {{ .Values.dmaap.topics.policyHeartbeat }}
- {{ end }}
pdpParameters:
heartBeatMs: 120000
updateParameters:
topicSources:
- useHttps: false
fetchTimeout: 15000
- {{ if .Values.global.useStrimziKafkaPf }}
topic: {{ .Values.config.kafka.topics.policyPdpPap }}
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
topicCommInfrastructure: kafka
additionalProps:
group.id : {{ .Values.config.kafka.consumer.groupId }}
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${JAASLOGIN}
- {{ else }}
- topic: {{ .Values.dmaap.topics.policyPdpPap }}
- servers:
- - ${topicServer:message-router}
- topicCommInfrastructure: dmaap
- {{ end }}
- useHttps: false
fetchTimeout: 15000
- {{ if .Values.global.useStrimziKafkaPf }}
topic: {{ .Values.config.kafka.topics.policyHeartbeat }}
effectiveTopic: {{ .Values.config.kafka.topics.policyPdpPap }}
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
topicCommInfrastructure: kafka
additionalProps:
group.id : {{ .Values.config.kafka.consumer.groupId }}
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${JAASLOGIN}
- {{ else }}
- topic: {{ .Values.dmaap.topics.policyHeartbeat }}
- effectiveTopic: {{ .Values.dmaap.topics.policyPdpPap }}
- servers:
- - ${topicServer:message-router}
- topicCommInfrastructure: dmaap
- {{ end }}
topicSinks:
- useHttps: false
- {{ if .Values.global.useStrimziKafkaPf }}
topic: {{ .Values.config.kafka.topics.policyPdpPap }}
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
topicCommInfrastructure: kafka
additionalProps:
group.id : {{ .Values.config.kafka.consumer.groupId }}
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${JAASLOGIN}
- {{ else }}
- topic: {{ .Values.dmaap.topics.policyPdpPap }}
- servers:
- - ${topicServer:message-router}
- topicCommInfrastructure: dmaap
- {{ end }}
- useHttps: false
- {{ if .Values.global.useStrimziKafkaPf }}
topic: {{ .Values.config.kafka.topics.policyNotification }}
servers:
- - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
topicCommInfrastructure: kafka
additionalProps:
group.id : {{ .Values.config.kafka.consumer.groupId }}
security.protocol: SASL_PLAINTEXT
sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
sasl.jaas.config: ${JAASLOGIN}
- {{ else }}
- topic: {{ .Values.dmaap.topics.policyNotification }}
- servers:
- - ${topicServer:message-router}
- topicCommInfrastructure: dmaap
- {{ end }}
+
# If Strimzi Kafka to be used for communication, replace following configuration for topicSources and topicSinks
# servers:
# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
-{{- if not .Values.global.useStrimziKafkaPf }}
-{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
-{{- end }}
- command:
- /app/ready.py
args:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "login") | indent 10 }}
- name: DISTRIBUTION_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "password") | indent 10 }}
-{{- if .Values.global.useStrimziKafkaPf }}
- name: JAASLOGIN
valueFrom:
secretKeyRef:
name: {{ include "common.name" . }}-ku
key: sasl.jaas.config
-{{- end }}
volumeMounts:
- mountPath: /config-input
name: papconfig
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeout }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /opt/app/policy/pap/etc/mounted
name: papconfig-processed
resources: {{ include "common.resources" . | nindent 12 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: papconfig
configMap:
name: {{ include "common.fullname" . }}-configmap
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{ if .Values.global.useStrimziKafkaPf }}
{{ include "common.kafkauser" . }}
-{{ end }}
global:
nodePortPrefixExt: 304
persistence: {}
- useStrimziKafkaPf: set-via-parent-chart-global-value
postgres:
localCluster: false
serviceMesh:
authorizationPolicy:
authorizedPrincipals:
- - serviceAccount: message-router-read
+ - serviceAccount: strimzi-kafka-read
- serviceAccount: portal-app-read
flavor: small
# application configuration
config:
# Event consumption (kafka) properties
- useStrimziKafkaPf: true
- kafkaBootstrap: strimzi-kafka-bootstrap
kafka:
topics:
policyHeartbeat: policy-heartbeat
listener:
policyPdpPapTopic: policy-pdp-pap
-dmaap:
- topics:
- policyHeartbeat: POLICY-HEARTBEAT
- policyNotification: POLICY-NOTIFICATION
- policyPdpPap: POLICY-PDP-PAP
# If targeting a custom kafka cluster, ie useStrimziKakfa: false
# uncomment below config and target your kafka bootstrap servers,
# along with any other security config.
patternType: prefix
operations: [Create, Describe, Read, Write]
-readinessCheck:
- wait_for:
- - message-router
"applicationPath": "/opt/app/policy/pdpx/apps"
},
"topicParameterGroup": {
- "topicSources" : [{
- "topic" : "POLICY-PDP-PAP",
- "servers" : [ "message-router" ],
- "useHttps" : "false",
- "fetchTimeout" : 15000,
- "topicCommInfrastructure" : "dmaap"
+ "topicSources": [{
+ "topic": "${PAP_TOPIC}",
+ "useHttps": false,
+ "fetchTimeout": 15000,
+ "servers": [ "${KAFKA_URL}" ],
+ "topicCommInfrastructure": "kafka",
+ "additionalProps": {
+ "group.id": "${GROUP_ID}",
+ "security.protocol": "SASL_PLAINTEXT",
+ "sasl.mechanism": "${SASL}",
+ "sasl.jaas.config": "${JAASLOGIN}"
+ }
}],
"topicSinks" : [{
- "topic" : "POLICY-PDP-PAP",
- "servers" : [ "message-router" ],
- "useHttps" : "false",
- "topicCommInfrastructure" : "dmaap"
- }]
+ "topic": "${PAP_TOPIC}",
+ "useHttps": false,
+ "servers": [ "${KAFKA_URL}" ],
+ "topicCommInfrastructure": "kafka",
+ "additionalProps": {
+ "group.id": "${GROUP_ID}",
+ "security.protocol": "SASL_PLAINTEXT",
+ "sasl.mechanism": "${SASL}",
+ "sasl.jaas.config": "${JAASLOGIN}"
+ }
+ }]
}
}
- sh
args:
- -c
- - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ - JAASLOGIN=`echo $JAASLOGIN | tr -d '"'`; cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done
env:
- name: RESTSERVER_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- name: SQL_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: JAASLOGIN
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
+ - name: KAFKA_URL
+ value: {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
+ - name: SASL
+ value: {{ .Values.kafkaUser.authenticationType | upper }}
+ - name: GROUP_ID
+ value: {{ .Values.config.kafka.consumer.groupId }}
+ - name: PAP_TOPIC
+ value: {{ .Values.config.app.listener.policyPdpPapTopic }}
volumeMounts:
- mountPath: /config-input
name: pdpxconfig
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /opt/app/policy/pdpx/etc/mounted
name: pdpxconfig-processed
resources: {{ include "common.resources" . | nindent 12 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: pdpxconfig
configMap:
name: {{ include "common.fullname" . }}-configmap
--- /dev/null
+{{/*
+# Copyright © 2024 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-xacml-pdp:3.1.0
+image: onap/policy-xacml-pdp:3.1.1
pullPolicy: Always
+componentName: &componentName policy-xacml-pdp
+
# flag to enable debugging - application support required
debugEnabled: false
service:
type: ClusterIP
- name: policy-xacml-pdp
+ name: *componentName
internalPort: 6969
ports:
- name: http
- serviceAccount: dcae-ves-collector-read
- serviceAccount: dcae-ves-mapper-read
- serviceAccount: dcae-ves-openapi-manager-read
- - serviceAccount: message-router-read
+ - serviceAccount: strimzi-kafka-read
- serviceAccount: oof-read
- serviceAccount: sdnc-read
#Pods Service Account
serviceAccount:
- nameOverride: policy-xacml-pdp
+ nameOverride: *componentName
roles:
- read
chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
release: '{{ include "common.release" . }}'
heritage: '{{ .Release.Service }}'
+
+config:
+ # Event consumption (kafka) properties
+ kafka:
+ consumer:
+ groupId: policy-xacml-pdp
+ app:
+ listener:
+ policyPdpPapTopic: policy-pdp-pap
+
+# Strimzi Kafka config
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: policy-xacml-pdp
+ type: group
+ operations: [ Create, Describe, Read, Write ]
+ - name: policy-pdp-pap
+ type: topic
+ patternType: prefix
+ operations: [ Create, Describe, Read, Write ]
+
+
spec:
{{- include "common.imagePullSecrets" . | nindent 6 }}
initContainers:
- {{- if .Values.global.mariadbGalera.localCluster }}
- {{- if .Values.global.mariadbGalera.useOperator }}
- {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_local_operator ) | indent 6 | trim }}
- {{ else }}
- {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_local ) | indent 6 | trim }}
- {{- end }}
- {{ else }}
- {{- if .Values.global.mariadbGalera.useOperator }}
- {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_global_operator ) | indent 6 | trim }}
- {{ else }}
- {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_global ) | indent 6 | trim }}
- {{- end }}
- {{- end }}
+ {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_mariadb ) | indent 6 | trim }}
containers:
- name: {{ include "common.name" . }}-galera-config
image: {{ include "repositoryGenerator.image.mariadb" . }}
name: {{ include "common.name" . }}-pg-init
spec:
{{- include "common.imagePullSecrets" . | nindent 6 }}
- initContainers: {{ if .Values.global.postgres.localCluster }}{{ include "common.readinessCheck.waitFor" . | nindent 6 }}{{ end }}
+ initContainers:
+ {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_postgres ) | indent 6 | trim }}
containers:
- name: {{ include "common.name" . }}-pg-config
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.postgresImage }}
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{- if .Values.global.useStrimziKafkaPf }}
+
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaTopic
metadata:
config:
retention.ms: {{ .Values.config.policyNotificationTopic.retentionMs }}
segment.bytes: {{ .Values.config.policyNotificationTopic.segmentBytes }}
-{{- end }}
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{- if .Values.global.useStrimziKafka }}
+
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaUser
metadata:
type: topic
name: {{ .Values.config.policyNotificationTopic.name }}
operation: All
-{{- end }}
# with '*mariadbConfig' pointer.
config: &mariadbConfig
mysqlDatabase: policyadmin
- service: &mariadbService
- name: &policy-mariadb policy-mariadb
- internalPort: 3306
- nameOverride: *policy-mariadb
+ service: &mariadbService policy-mariadb
+ internalPort: 3306
+ nameOverride: *mariadbService
# (optional) if localCluster=false and an external secret is used set this variable
#userRootSecret: <secretName>
prometheusEnabled: false
name3: tcp-pgset-replica
container:
name: postgres
- #Strimzi Kafka properties
- useStrimziKafka: true
- # Temporary flag to disable strimzi for pf components - will be removed after native kafka support is added for drools and xacml
- useStrimziKafkaPf: false
- kafkaBootstrap: strimzi-kafka-bootstrap
+ kafkaBootstrap: strimzi-kafka-bootstrap:9092
policyKafkaUser: policy-kafka-user
kafkaTopics:
acRuntimeTopic:
name: policy.clamp-runtime-acm
-
#################################################################
# Secrets metaconfig
#################################################################
config:
jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-drools-pdp:
- enabled: true
+ enabled: false
db: *dbSecretsHook
config:
jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
config:
policyAppUserName: runtimeUser
- useStrimziKafka: true
policyPdpPapTopic:
name: policy-pdp-pap
partitions: 10
name: &mysqlDbName policyadmin
rootUser:
externalSecret: *dbRootPassSecretName
- nameOverride: *policy-mariadb
+ nameOverride: *mariadbService
# mariadb-galera.service and global.mariadbGalera.service must be equals
- service: *mariadbService
+ service:
+ name: *mariadbService
replicaCount: 1
mariadbOperator:
galera:
enabled: true
mountSubPath: policy/maria/data
serviceAccount:
- nameOverride: *policy-mariadb
+ nameOverride: *mariadbService
postgresImage: library/postgres:latest
# application configuration override for postgres
pgRootPasswordExternalSecret: *dbRootPassSecretName
readinessCheck:
- wait_for:
- - '{{ ternary .Values.postgres.service.name "postgres" .Values.global.postgres.localCluster }}'
- wait_for_global_operator:
- pods:
- - '{{ .Values.global.mariadbGalera.nameOverride }}-0'
- wait_for_local_operator:
- pods:
- - '{{ index .Values "mariadb-galera" "nameOverride" }}-0'
- wait_for_global:
- apps:
- - '{{ include "common.mariadbAppName" . }}'
- wait_for_local:
- apps:
- - '{{ include "common.mariadbAppName" . }}'
+ wait_for_postgres:
+ services:
+ - '{{ .Values.global.postgres.service.name2 }}'
+ wait_for_mariadb:
+ services:
+ - '{{ include "common.mariadbService" . }}'
restServer:
policyPapUserName: policyadmin
apiVersion: v2
description: ONAP Next Generation Portal
name: portal-ng
-version: 13.0.0
+version: 13.0.1
dependencies:
- name: common
- name: portal-ng-bff
version: ~13.x-0
repository: '@local'
+ - name: portal-ng-preferences
+ version: ~13.x-0
+ repository: '@local'
+ - name: portal-ng-history
+ version: ~13.x-0
+ repository: '@local'
- name: portal-ng-ui
version: ~13.x-0
repository: '@local'
failureThreshold: 4
env:
- KEYCLOAK_URL: http://keycloak-http.keycloak
+ KEYCLOAK_URL: http://keycloakx-http.keycloak/auth
KEYCLOAK_REALM: ONAP
HISTORY_URL: http://portal-ng-history:9002
PREFERENCES_URL: http://portal-ng-preferences:9001
+ TRACING_ENABLED: true
COLLECTOR_HOST: jaeger-collector.istio-system
COLLECTOR_PORT: 9411
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
--- /dev/null
+# Copyright (C) 2022 Deutsche Telekom AG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v2
+name: portal-ng-history
+description: Helm chart of the history. This micro service provides the latest user actions of the ONAP portal.
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 13.0.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+appVersion: latest
+
+dependencies:
+ - name: common
+ version: ~13.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~13.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local'
+ - name: mongodb
+ version: 14.12.2
+ repository: '@local'
--- /dev/null
+# History helm chart
+This repository contains the chart for the history service.
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2024 Deutsche Telekom AG.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+data:
+ {{- range $key, $val := .Values.env }}
+ {{ $key }}: {{ $val | quote }}
+ {{- end -}}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2024 Deutsche Telekom AG.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image.imageName }}:{{ .Values.image.tag | default .Chart.AppVersion }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-configmap
+ - secretRef:
+ name: {{ include "common.fullname" . }}-secret
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ livenessProbe:
+ httpGet:
+ path: /actuator/health/liveness
+ port: {{ .Values.service.port }}
+ initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }}
+ failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
+ readinessProbe:
+ httpGet:
+ path: /actuator/health/readiness
+ port: {{ .Values.service.port }}
+ initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
+ failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2024 Deutsche Telekom AG.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "common.fullname" . }}
+ minReplicas: {{ .Values.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+ {{- end }}
--- /dev/null
+{{/*
+# Copyright © 2024 Deutsche Telekom AG.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-secret
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+ {{- range $key, $val := .Values.secretEnv }}
+ {{ $key }}: {{ $val | b64enc | quote }}
+ {{- end -}}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.service" . }}
--- /dev/null
+apiVersion: v1
+kind: Pod
+metadata:
+ name: {{ include "common.fullname" . }}-test-connection
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "common.fullname" . }}:{{ .Values.service.port }}']
+ restartPolicy: Never
--- /dev/null
+global: {}
+
+image:
+ imageName: onap/portal-ng/history
+ pullPolicy: Always
+ # Overrides the image tag whose default value is the chart appVersion.
+ # tag: 0.1.0
+
+replicaCount: 1
+
+# Specifies how many old replicas will be retained in a deployment
+revisionHistoryLimit: 2
+
+imagePullSecrets:
+ - name: onap-docker-registry-key
+nameOverride: ""
+fullnameOverride: ""
+
+# Custom selector label (for bigger namespaces with other components)
+partOf: portal
+
+service:
+ type: ClusterIP
+ port: 9002
+ ports:
+ - name: http
+ port: 9002
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 5
+ targetCPUUtilizationPercentage: 80
+
+probes:
+ readiness:
+ initialDelaySeconds: 20
+ failureThreshold: 4
+ liveness:
+ initialDelaySeconds: 20
+ failureThreshold: 4
+
+secretEnv:
+ MONGO_USERNAME: dbuser
+ MONGO_PASSWORD: dbpassword
+ MONGO_DATABASE: history
+
+env:
+ KEYCLOAK_URL: http://keycloakx-http.keycloak
+ KEYCLOAK_REALM: ONAP
+ MONGO_HOST: history-mongodb
+ MONGO_PORT: 27017
+ TRACING_ENABLED: true
+ COLLECTOR_HOST: jaeger-collector.istio-system
+ COLLECTOR_PORT: 9411
+
+mongodb:
+ nameOverride: history-mongodb
+ service:
+ portName: tcp-mongodb
+ auth:
+ rootPassword: TrWAweN9y9eW
+ usernames:
+ - dbuser
+ passwords:
+ - dbpassword
+ databases:
+ - history
+ resources:
+ limits:
+ cpu: "2"
+ memory: "2Gi"
+ requests:
+ cpu: "250m"
+ memory: "500Mi"
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: portal-ng-history
+ roles:
+ - read
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
--- /dev/null
+# Copyright (C) 2024 Deutsche Telekom AG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v2
+name: portal-ng-preferences
+description: Helm chart of the preferences. This micro service provides the user preferences for the ONAP portal.
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 13.0.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+appVersion: latest
+
+dependencies:
+ - name: common
+ version: ~13.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~13.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local'
+ - name: mongodb
+ version: 14.12.2
+ repository: '@local'
+
+
--- /dev/null
+# Preferences helm chart
+This repository contains the chart for the preferences service.
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2024 Deutsche Telekom AG.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+data:
+ {{- range $key, $val := .Values.env }}
+ {{ $key }}: {{ $val | quote }}
+ {{- end -}}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2024 Deutsche Telekom AG.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image.imageName }}:{{ .Values.image.tag | default .Chart.AppVersion }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-configmap
+ - secretRef:
+ name: {{ include "common.fullname" . }}-secret
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ livenessProbe:
+ httpGet:
+ path: /actuator/health/liveness
+ port: {{ .Values.service.port }}
+ initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }}
+ failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
+ readinessProbe:
+ httpGet:
+ path: /actuator/health/readiness
+ port: {{ .Values.service.port }}
+ initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
+ failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2024 Deutsche Telekom AG.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "common.fullname" . }}
+ minReplicas: {{ .Values.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+ {{- end }}
--- /dev/null
+{{/*
+# Copyright © 2024 Deutsche Telekom AG.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-secret
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+ {{- range $key, $val := .Values.secretEnv }}
+ {{ $key }}: {{ $val | b64enc | quote }}
+ {{- end -}}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2024 Deutsche Telekom.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.service" . }}
--- /dev/null
+apiVersion: v1
+kind: Pod
+metadata:
+ name: {{ include "common.fullname" . }}-test-connection
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "common.fullname" . }}:{{ .Values.service.port }}']
+ restartPolicy: Never
--- /dev/null
+global: {}
+
+# Default values for preferences.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+image:
+ imageName: onap/portal-ng/preferences
+ pullPolicy: Always
+ # Overrides the image tag whose default value is the chart appVersion.
+ # tag: 0.1.0
+
+replicaCount: 1
+
+# Specifies how many old replicas will be retained in a deployment
+revisionHistoryLimit: 2
+
+nameOverride: ""
+fullnameOverride: ""
+
+# Custom selector label (for bigger namespaces with other components)
+partOf: portal
+
+service:
+ type: ClusterIP
+ port: 9001
+ ports:
+ - name: http
+ port: 9001
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 5
+ targetCPUUtilizationPercentage: 80
+
+probes:
+ readiness:
+ initialDelaySeconds: 20
+ failureThreshold: 4
+ liveness:
+ initialDelaySeconds: 20
+ failureThreshold: 4
+
+secretEnv:
+ MONGO_USERNAME: dbuser
+ MONGO_PASSWORD: dbpassword
+ MONGO_DATABASE: Preferences
+
+env:
+ KEYCLOAK_URL: http://keycloakx-http.keycloak
+ KEYCLOAK_REALM: ONAP
+ MONGO_HOST: preferences-mongodb
+ MONGO_PORT: 27017
+ TRACING_ENABLED: true
+ COLLECTOR_HOST: jaeger-collector.istio-system
+ COLLECTOR_PORT: 9411
+
+mongodb:
+ nameOverride: preferences-mongodb
+ service:
+ portName: tcp-mongodb
+ auth:
+ rootPassword: TrWAweN9y9eW
+ usernames:
+ - dbuser
+ passwords:
+ - dbpassword
+ databases:
+ - Preferences
+ resources:
+ limits:
+ cpu: "2"
+ memory: "2Gi"
+ requests:
+ cpu: "250m"
+ memory: "500Mi"
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: portal-ng-preferences
+ roles:
+ - read
BFF_URL: http://portal-ng-bff.onap.svc.cluster.local:9080
NGINX_PORT: 8080
KEYCLOAK_REALM: ONAP
- KEYCLOAK_INTERNAL_URL: http://keycloak-http.keycloak.svc.cluster.local
+ KEYCLOAK_INTERNAL_URL: http://keycloakx-http.keycloak.svc.cluster.local
KEYCLOAK_HOSTNAME: https://keycloak-ui.simpledemo.onap.org
#Pods Service Account
volumeMounts:
- name: dshm
mountPath: /dev/shm
- - name: localtime
- mountPath: /etc/localtime
- readOnly: true
- name: robot-eteshare
mountPath: /share/config
- name: robot-lighttpd
- name: dshm
emptyDir:
medium: Memory
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: robot-eteshare
configMap:
name: {{ include "common.fullname" . }}-eteshare-configmap
command:
- /app/ready.py
args:
- - --container-name
- - "sdc-onboarding-be"
+ - --service-name
+ - sdc-onboarding-be
{{- if not .Values.global.kafka.useKafka }}
- - --container-name
- - "message-router"
+ - --service-name
+ - message-router
{{- end }}
env:
- name: NAMESPACE
volumeMounts:
- name: sdc-environments
mountPath: /app/jetty/chef-solo/environments/
- - name: localtime
- mountPath: /etc/localtime
- readOnly: true
- name: logs
mountPath: /var/log/onap
- name: logback
{{ include "common.log.sidecar" . | nindent 8 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: logback
configMap:
command:
- /app/ready.py
args:
- - --container-name
+ - --service-name
- sdc-be
- "-t"
- "35"
command:
- /app/ready.py
args:
- - --app-name
- {{- if .Values.global.sdc_cassandra.localCluster }}
- - sdc-cs
- {{- else }}
- - cassandra
- {{- end }}
+ - --service-name
+ - {{ .Values.global.sdc_cassandra.serviceName }}
- "-t"
- "15"
env:
#################################################################
global:
nodePortPrefix: 302
- readinessImage: onap/oom/readiness:6.0.2
+ readinessImage: onap/oom/readiness:6.0.3
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
sdc_cassandra:
volumeMounts:
- name: sdc-environments
mountPath: /app/jetty/chef-solo/environments/
- - name: localtime
- mountPath: /etc/localtime
- readOnly: true
- name: logs
mountPath: /var/log/onap
- name: configs
{{ include "common.log.sidecar" . | nindent 8 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 8 }}
- name: configs
configMap:
volumeMounts:
- name: sdc-environments
mountPath: /app/jetty/chef-solo/environments/
- - name: localtime
- mountPath: /etc/localtime
- readOnly: true
- name: logs
mountPath: /var/log/onap
- name: logback
{{ include "common.log.sidecar" . | nindent 8 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: logback
configMap:
command:
- /app/ready.py
args:
- - --container-name
- - "sdc-wfd-be"
+ - --service-name
+ - sdc-wfd-be
env:
- name: NAMESPACE
valueFrom:
value: "{{ .Values.config.backendServerURL.http }}"
- name: IS_HTTPS
value: "false"
- volumeMounts:
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ include "common.log.sidecar" . | nindent 8 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }}
- name: logs
emptyDir: {}
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2024 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: SDN Controller
name: sdnc
-version: 13.0.1
+version: 13.0.2
dependencies:
- name: common
# conditions for sdnc-subcharts
- name: dmaap-listener
version: ~13.x-0
- repository: 'file://components/dmaap-listener/'
+ repository: '@local'
condition: sdnc.dmaap-listener.enabled,dmaap-listener.enabled
- name: ueb-listener
version: ~13.x-0
- repository: 'file://components/ueb-listener/'
+ repository: '@local'
condition: sdnc.ueb-listener.enabled,ueb-listener.enabled
- name: sdnc-ansible-server
version: ~13.x-0
- repository: 'file://components/sdnc-ansible-server/'
+ repository: '@local'
condition: sdnc.sdnc-ansible-server.enabled,sdnc-ansible-server.enabled
- name: sdnc-web
version: ~13.x-0
- repository: 'file://components/sdnc-web/'
+ repository: '@local'
condition: sdnc.sdnc-web.enabled,sdnc-web.enabled
- name: repositoryGenerator
version: ~13.x-0
dependencies:
- name: common
version: ~13.x-0
- repository: 'file://../common'
+ repository: '@local'
- name: repositoryGenerator
version: ~13.x-0
- repository: 'file://../repositoryGenerator'
+ repository: '@local'
- name: serviceAccount
version: ~13.x-0
- repository: 'file://../serviceAccount'
+ repository: '@local'
\ No newline at end of file
- name: SDNC_CONFIG_DIR
value: /opt/onap/sdnc/data/properties
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- name: config
mountPath: /opt/app/application.properties
subPath: application.properties
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: config-input
configMap:
name: {{ include "common.fullname" . }}-config
- command:
- /app/ready.py
args:
- - --app-name
- - {{ include "common.mariadbAppName" . }}
- - --container-name
+ - --service-name
+ - {{ include "common.mariadbService" . }}
+ - --service-name
- {{ .Values.config.sdncChartName }}
- - --container-name
+ - --service-name
- {{ .Values.config.msgRouterContainerName }}
env:
- name: NAMESPACE
- name: LOG4J_FORMAT_MSG_NO_LOOKUPS
value: "true"
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: {{ .Values.config.configDir }}/dblib.properties
name: properties
subPath: dblib.properties
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: config-input
configMap:
name: {{ include "common.fullname" . }}
dependencies:\r
- name: common\r
version: ~13.x-0\r
- repository: 'file://../common'\r
+ repository: '@local'\r
- name: repositoryGenerator\r
version: ~13.x-0\r
- repository: 'file://../repositoryGenerator'\r
- - name: mariadb-galera\r
- version: ~13.x-0\r
- repository: 'file://../mariadb-galera'\r
- condition: global.mariadbGalera.localCluster\r
+ repository: '@local'\r
- name: mariadb-init\r
version: ~13.x-0\r
- repository: 'file://../mariadb-init'\r
- condition: global.mariadbGalera.globalCluster\r
+ repository: '@local'\r
- name: serviceAccount\r
version: ~13.x-0\r
repository: '@local'
\ No newline at end of file
- /app/ready.py
args:
{{- if .Values.global.mariadbGalera.localCluster }}
- - --app-name
- - {{ index .Values "mariadb-galera" "nameOverride" }}
+ - --service-name
+ - {{ include "common.mariadbService" . }}
{{- else }}
- --job-name
- {{ include "common.release" . }}-{{ index .Values "mariadb-init" "nameOverride" }}-config-job
- name: NENG_DB_PASS
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "neng-db-secret" "key" "password") | indent 10}}
- name: NENG_DB_URL
- value: jdbc:mysql://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ index .Values "mariadb-galera" "db" "name" }}
+ value: jdbc:mysql://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ index .Values "mariadb-init" "config" "mysqlDatabase" }}
- name: POL_CLIENT_AUTH
value: "{{ .Values.config.polClientAuth }}"
- name: POL_BASIC_AUTH_USER
mariadbGalera: &mariadbGalera
# flag to enable the DB creation via mariadb-operator
useOperator: true
- #This flag allows SO to instantiate its own mariadb-galera cluster
- #When changing it to "true", also set "globalCluster: false"
- #as the dependency check will not work otherwise (Chart.yaml)
localCluster: false
- globalCluster: true
- service: mariadb-galera
- internalPort: 3306
+ service: &dbService mariadb-galera
+ internalPort: &dbPort 3306
nameOverride: mariadb-galera
#################################################################
login: '{{ .Values.config.polBasicAuthUser }}'
password: '{{ .Values.config.polBasicAuthPassword }}'
-# sub-chart config
-mariadb-galera:
- db:
- user: sdnctl
- # password:
- externalSecret: *dbUserSecretName
- name: &mysqlDbName nengdb
- nameOverride: nengdb
- service:
- name: nengdb
- portName: nengdbport
- replicaCount: 1
- mariadbOperator:
- galera:
- enabled: false
-
- persistence:
- enabled: true
- mountSubPath: network-name-gen/data
-
mariadb-init:
config:
userCredentialsExternalSecret: *dbUserSecretName
- mysqlDatabase: *mysqlDbName
+ mysqlDatabase: nengdb
nameOverride: nengdb-init
+ mariadb-galera:
+ nameOverride: *dbService
+ service:
+ internalPort: *dbPort
serviceAccount:
nameOverride: nengdb-init
serviceAccount:
nameOverride: network-name-gen
roles:
- - read
\ No newline at end of file
+ - read
- command:
- /app/ready.py
args:
- - --container-name
+ - --service-name
- {{ .Values.config.sdncChartName }}
env:
- name: NAMESPACE
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: {{ .Values.config.configDir }}/RestServer_config
name: config
subPath: RestServer_config
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: config-input
configMap:
name: {{ include "common.fullname" . }}
- command:
- /app/ready.py
args:
- - --container-name
+ - --service-name
- sdnc
- - --container-name
+ - --service-name
- consul
env:
- name: NAMESPACE
workingDir: "/app"
command: [ "bin/prom.sh" ]
volumeMounts:
- - name: localtime
- mountPath: /etc/localtime
- readOnly: true
- name: prom-config
mountPath: /app/config
- name: prom-scripts
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: prom-config
configMap:
name: {{ include "common.fullname" . }}-configmap
command:
- /app/ready.py
args:
- - --container-name
+ - --service-name
- {{ .Values.config.sdncChartName }}
env:
- name: NAMESPACE
value: "{{ .Values.config.oauth.odluxRbac.enabled | default "false" }}"
- name: SDNRWEBSOCKETPORT
value: "{{ .Values.sdnrWebsocketPort | default "8182" }}"
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
-
resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
-
{{- include "common.imagePullSecrets" . | nindent 6 }}
- command:
- /app/ready.py
args:
- - --app-name
- - {{ include "common.mariadbAppName" . }}
- - --container-name
+ - --service-name
+ - {{ include "common.mariadbService" . }}
+ - --service-name
- {{ .Values.config.sdncChartName }}
- - --container-name
+ - --service-name
- {{ .Values.config.sdcbeChartName }}
- - --container-name
- - {{ .Values.config.msgRouterContainerName }}
env:
- name: NAMESPACE
valueFrom:
name: {{ include "common.name" . }}-ku
key: sasl.jaas.config
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: {{ .Values.config.configDir }}/dblib.properties
name: properties
subPath: dblib.properties
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: config-input
configMap:
name: {{ include "common.fullname" . }}
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}
spec:
- initContainers:
+ initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
- command:
- sh
args:
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-
- {{- if .Values.global.mariadbGalera.localCluster }}
- {{- if .Values.global.mariadbGalera.useOperator }}
- {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_local_operator ) | indent 6 | trim }}
- {{ else }}
- {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_local ) | indent 6 | trim }}
- {{- end }}
- {{ else }}
- {{- if .Values.global.mariadbGalera.useOperator }}
- {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_global_operator ) | indent 6 | trim }}
- {{ else }}
- {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_global ) | indent 6 | trim }}
- {{- end }}
- {{- end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: docker-entrypoint-initdb-d
emptyDir: {}
- name: bin
- /app/ready.py
args:
{{- if .Values.config.sdnr.mariadb.enabled }}
- - --app-name
- - {{ include "common.mariadbAppName" . }}
+ - --service-name
+ - {{ include "common.mariadbService" . }}
{{- else }}
- --container-name
- {{.Values.elasticsearch.nameOverride}}-elasticsearch
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: docker-entrypoint-initdb-d
emptyDir: {}
- name: bin
- /app/ready.py
args:
{{ if .Values.dgbuilder.enabled -}}
- - --app-name
- - {{ include "common.mariadbAppName" . }}
+ - --service-name
+ - {{ include "common.mariadbService" . }}
- --job-name
- {{ include "common.fullname" . }}-dbinit-job
{{ end -}}
{{- if .Values.global.cmpv2Enabled }}
{{ include "common.certManager.volumeMounts" . | indent 10 }}
{{- end }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /opt/opendaylight/current/etc/org.ops4j.pax.logging.cfg
name: sdnc-logging-cfg-config
subPath: org.ops4j.pax.logging.cfg
{{- include "common.imagePullSecrets" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: logs
emptyDir: {}
{{ include "common.log.volumes" . | nindent 8 }}
# dependency / sub-chart configuration
network-name-gen:
enabled: true
+
mariadb-galera: &mariadbGalera
nameOverride: &sdnc-db sdnc-db
config: &mariadbGaleraConfig
path: /var/log/onap
readinessCheck:
- wait_for_global_operator:
- pods:
- - '{{ .Values.global.mariadbGalera.nameOverride }}-0'
- wait_for_local_operator:
- pods:
- - '{{ index .Values "mariadb-galera" "nameOverride" }}-0'
- wait_for_global:
- apps:
- - '{{ include "common.mariadbAppName" . }}'
- wait_for_local:
- apps:
- - '{{ include "common.mariadbAppName" . }}'
+ wait_for:
+ services:
+ - '{{ include "common.mariadbService" . }}'
nodePortPrefix: 302
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessImage: onap/oom/readiness:6.0.2
+ readinessImage: onap/oom/readiness:6.0.3
envsubstImage: dibi/envsubst
persistence:
mountPath: /dockerdata-nfs
echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
mysqldump -vv --user=${DB_USER} --password=${DB_PASS} --host=${DB_HOST} --port=${DB_PORT} --databases --single-transaction --quick --lock-tables=false catalogdb requestdb nfvo cnfm > /var/data/mariadb/backup-`date +%s`.sql
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- name: backup-storage
mountPath: /var/data/mariadb
{{ include "common.waitForJobContainer" . | indent 6 | trim }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: backup-storage
persistentVolumeClaim:
claimName: {{ include "common.fullname" . }}-migration
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}
spec:
- initContainers:
- {{- if .Values.global.mariadbGalera.localCluster }}
- {{- if .Values.global.mariadbGalera.useOperator }}
- {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_local_operator ) | indent 6 | trim }}
- {{ else }}
- {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_local ) | indent 6 | trim }}
- {{- end }}
- {{ else }}
- {{- if .Values.global.mariadbGalera.useOperator }}
- {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_global_operator ) | indent 6 | trim }}
- {{ else }}
- {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_global ) | indent 6 | trim }}
- {{- end }}
- {{- end }}
+ initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}-config
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- name: CNFM_DB_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cnfm-db-creds" "key" "password") | indent 10 }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- name: docker-entrypoint-initdb-d-sh
mountPath: "/docker-entrypoint-initdb.d"
- name: docker-entrypoint-initdb-d-sql
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: docker-entrypoint-initdb-d-sh
configMap:
name: {{ include "common.fullname" . }}-mariadb-sh
nodePortPrefix: 302
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessImage: onap/oom/readiness:6.0.2
+ readinessImage: onap/oom/readiness:6.0.3
ubuntuInitRepository: docker.io
mariadbGalera:
# flag to enable the DB creation via mariadb-operator
- '{{ include "common.name" . }}-config'
readinessCheck:
- wait_for_global_operator:
- pods:
- - '{{ .Values.global.mariadbGalera.nameOverride }}-0'
- wait_for_local_operator:
- pods:
- - '{{ index .Values "mariadb-galera" "nameOverride" }}-0'
- wait_for_global:
- apps:
- - '{{ include "common.mariadbAppName" . }}'
- wait_for_local:
- apps:
- - '{{ include "common.mariadbAppName" . }}'
+ wait_for:
+ services:
+ - '{{ include "common.mariadbService" . }}'
readinessCheck:
wait_for:
- - aai
- - message-router
+ services:
+ - aai
+ - message-router
#################################################################
# Application configuration defaults.
apiVersion: v2
description: ONAP Strimzi Kafka
name: strimzi
-version: 13.0.0
+version: 13.0.1
dependencies:
- name: common
podAntiAffinity:
enabled: true
config:
- kafkaVersion: 3.4.0
+ kafkaVersion: 3.7.0
authType: simple
saslMechanism: &saslMech scram-sha-512
kafkaInternalPort: &plainPort 9092
- command:
- /app/ready.py
args:
- - --container-name
- - "{{ .Values.postgres.nameOverride }}"
+ - --service-name
+ - "{{ .Values.postgres.service.name2 }}"
env:
- name: NAMESPACE
valueFrom:
readinessCheck:
wait_for:
- containers:
- - *postgresName
+ services:
+ - '{{ .Values.postgres.service.name2 }}'
wait_for_job_container:
containers:
- command:
- /app/ready.py
args:
- - --container-name
- - "{{ .Values.postgres.nameOverride }}"
+ - --service-name
+ - "{{ .Values.postgres.service.name2 }}"
env:
- name: NAMESPACE
valueFrom:
- command:
- /app/ready.py
args:
- - --container-name
- - "{{ .Values.postgres.nameOverride }}"
+ - --service-name
+ - "{{ .Values.postgres.service.name2 }}"
env:
- name: NAMESPACE
valueFrom:
- name: REG_TO_MSB_WHEN_START
value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- name: {{ include "common.fullname" . }}-logs
mountPath: "{{ .Values.log.path }}"
- name: {{ include "common.fullname" . }}-logconfig
# side car containers
{{ include "common.log.sidecar" . | nindent 8 }}
volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- name: {{ include "common.fullname" . }}-logconfig
- name: REG_TO_MSB_WHEN_START
value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- name: {{ include "common.fullname" . }}-logs
mountPath: {{ .Values.log.path }}
- name: {{ include "common.fullname" . }}-logconfig
# side car containers
{{ include "common.log.sidecar" . | nindent 8 }}
volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- name: {{ include "common.fullname" . }}-logconfig
- command:
- /app/ready.py
args:
- - --app-name
- - {{ include "common.mariadbAppName" . }}
+ - --service-name
+ - {{ include "common.mariadbService" . }}
env:
- name: NAMESPACE
valueFrom:
- name: REG_TO_MSB_WHEN_START
value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-logconfig
# side car containers
{{ include "common.log.sidecar" . | nindent 8 }}
volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- name: {{ include "common.fullname" . }}-logconfig
- command:
- /app/ready.py
args:
- - --app-name
- - {{ include "common.mariadbAppName" . }}
+ - --service-name
+ - {{ include "common.mariadbService" . }}
env:
- name: NAMESPACE
valueFrom:
- name: REG_TO_MSB_WHEN_START
value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- name: {{ include "common.fullname" . }}-logs
mountPath: {{ .Values.log.path }}
- name: {{ include "common.fullname" . }}-logconfig
# side car containers
{{ include "common.log.sidecar" . | nindent 8 }}
volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- name: {{ include "common.fullname" . }}-logconfig
- command:
- /app/ready.py
args:
- - --app-name
- - {{ include "common.mariadbAppName" . }}
+ - --service-name
+ - {{ include "common.mariadbService" . }}
env:
- name: NAMESPACE
valueFrom:
- name: REG_TO_MSB_WHEN_START
value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- name: {{ include "common.fullname" . }}-logs
mountPath: {{ .Values.log.path }}
- name: {{ include "common.fullname" . }}-logconfig
# side car containers
{{ include "common.log.sidecar" . | nindent 8 }}
volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- name: {{ include "common.fullname" . }}-logconfig
- command:
- /app/ready.py
args:
- - --app-name
- - {{ include "common.mariadbAppName" . }}
+ - --service-name
+ - {{ include "common.mariadbService" . }}
env:
- name: NAMESPACE
valueFrom:
- name: REG_TO_MSB_WHEN_START
value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-logconfig
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
-
# side car containers
{{ include "common.log.sidecar" . | nindent 8 }}
volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- name: {{ include "common.fullname" . }}-logconfig
- name: REG_TO_MSB_WHEN_START
value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- name: {{ include "common.fullname" . }}-logs
mountPath: {{ .Values.log.path }}
- name: {{ include "common.fullname" . }}-logconfig
# side car containers
{{ include "common.log.sidecar" . | nindent 8 }}
volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- name: {{ include "common.fullname" . }}-logconfig
- command:
- /app/ready.py
args:
- - --container-name
- - "{{ .Values.postgres.nameOverride }}"
+ - --service-name
+ - "{{ .Values.postgres.service.name2 }}"
env:
- name: NAMESPACE
valueFrom:
readinessCheck:
wait_for:
- - '{{ .Values.postgres.nameOverride }}'
+ services:
+ - '{{ .Values.postgres.service.name2 }}'
wait_for_job_container:
containers: