echo "*** change ownership of certificates to targeted user"
chown -R 1000 .
-image: onap/ccsdk-oran-a1policymanagementservice:1.1.3
+image: onap/ccsdk-oran-a1policymanagementservice:1.2.1
userID: 1000 #Should match with image-defined user ID
groupID: 999 #Should match with image-defined group ID
pullPolicy: IfNotPresent
"UserName": "${OSDF_OPT_ENGINE_USER}",
"Password": "${OSDF_OPT_ENGINE_PASS}"
}
+ },
+ {
+ "name": "cps",
+ "values": {
+ "UserName": "${CPS_USER}",
+ "Password": "${CPS_PASS}"
+ }
}
]
}
export OSDF_OPT_ENGINE_PASS=${OSDF_OPT_ENGINE_PASS_PLAIN};
export SO_PASS=${SO_PASS_PLAIN};
export SDC_PASS=${SDC_PASS_PLAIN};
+ export CPS_PASS=${CPS_PASS_PLAIN};
cd /config-input;
for PFILE in `find . -not -type d | grep -v -F ..`; do
envsubst <${PFILE} >/config/${PFILE};
- name: SDC_PASS_PLAIN
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdc-creds" "key" "password") | indent 10 }}
+ - name: CPS_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-creds" "key" "login") | indent 10 }}
+ - name: CPS_PASS_PLAIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-creds" "key" "password") | indent 10 }}
+
volumeMounts:
- mountPath: /config-input
name: {{ include "common.name" . }}-preload-input
login: '{{ .Values.oofCreds.sdcUsername }}'
password: '{{ .Values.oofCreds.sdcPassword }}'
passwordPolicy: required
+ - uid: cps-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.oofCreds.cpsUserExternalSecret) . }}'
+ login: '{{ .Values.oofCreds.cpsUsername }}'
+ password: '{{ .Values.oofCreds.cpsPassword }}'
+ passwordPolicy: required
oofCreds:
aaiUsername: oof@oof.onap.org
aaiPassword: demo123456!
sdcUsername: aai
sdcPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+ cpsUsername: ''
+ cpsPassword: ''
+ cpsUserExternalSecret: '{{ include "common.release" . }}-cps-core-app-user-creds'
+
# Configure resource requests and limits
resources:
small:
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-dgbuilder-image:1.1.1
+image: onap/ccsdk-dgbuilder-image:1.2.1
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-apps-ms-neng:1.1.1
+image: onap/ccsdk-apps-ms-neng:1.2.0
pullPolicy: IfNotPresent
# application configuration
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
--- /dev/null
+# Copyright © 2021 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: Chart for Postgres init job
+name: postgres-init
+version: 8.0.0
--- /dev/null
+# Copyright © 2021 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~8.x-0
+ repository: 'file://../common'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: 'file://../repositoryGenerator'
--- /dev/null
+--- User Setup
+CREATE USER "${PG_USER}" LOGIN;
+ALTER USER "${PG_USER}" PASSWORD '${PG_PASSWORD}';
+
+CREATE DATABASE ${PG_DATABASE};
+GRANT ALL PRIVILEGES ON DATABASE ${PG_DATABASE} TO "${PG_USER}";
+
+--- PG_DATABASE Setup
+
+\c ${PG_DATABASE}
+
+CREATE EXTENSION IF NOT EXISTS pg_stat_statements;
+CREATE EXTENSION IF NOT EXISTS pgaudit;
+
+--- Create schema for PG_USER
+
+\c ${PG_DATABASE}
+
+CREATE SCHEMA IF NOT EXISTS "${PG_USER}" AUTHORIZATION "${PG_USER}";
--- /dev/null
+{{/*
+# Copyright © 2021 Orange
+#
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2021 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-config-job
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ backoffLimit: 20
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ name: {{ include "common.name" . }}
+ spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-readiness
+ command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - {{ .Values.global.postgres.container.name }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ containers:
+ - command:
+ - sh
+ args:
+ - -c
+ - |
+ function prepare_password {
+ echo -n $1 | sed -e "s/'/''/g"
+ }
+ export PG_PASSWORD=`prepare_password $PG_PASSWORD_INPUT`;
+ export PG_ROOT_PASSWORD=`prepare_password $PG_ROOT_PASSWORD_INPUT`;
+ cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done;
+ psql "postgresql://postgres:$PG_ROOT_PASSWORD@$PG_HOST" < /config/setup.sql
+ env:
+ - name: PG_HOST
+ value: "{{ .Values.global.postgres.service.name2 }}"
+ - name: PG_PRIMARY_USER
+ value: primaryuser
+ - name: MODE
+ value: postgres
+ - name: PG_PRIMARY_PASSWORD_INPUT
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }}
+ - name: PG_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }}
+ - name: PG_PASSWORD_INPUT
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }}
+ - name: PG_DATABASE
+ value: "{{ .Values.config.pgDatabase }}"
+ - name: PG_ROOT_PASSWORD_INPUT
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input/setup.sql
+ name: config
+ subPath: setup.sql
+ - mountPath: /config
+ name: pgconf
+ image: {{ include "repositoryGenerator.image.postgres" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /config-input/setup.sql
+ name: config
+ subPath: setup.sql
+ - mountPath: /config
+ name: pgconf
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: pgconf
+ emptyDir:
+ medium: Memory
+ restartPolicy: Never
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2021 Orange
+# #
+# # Licensed under the Apache License, Version 2.0 (the "License");
+# # you may not use this file except in compliance with the License.
+# # You may obtain a copy of the License at
+# #
+# # http://www.apache.org/licenses/LICENSE-2.0
+# #
+# # Unless required by applicable law or agreed to in writing, software
+# # distributed under the License is distributed on an "AS IS" BASIS,
+# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# # See the License for the specific language governing permissions and
+# # limitations under the License.
+*/}}
+{{ include "common.secretFast" . }}
--- /dev/null
+# Copyright © 2021 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ postgres:
+ service:
+ name: pgset
+ container:
+ name: postgres
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: '{{ include "common.postgres.secret.rootPassUID" . }}'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.pgRootPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.pgRootPassword }}'
+ - uid: '{{ include "common.postgres.secret.userCredentialsUID" . }}'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.pgUserExternalSecret) . }}'
+ login: '{{ .Values.config.pgUserName }}'
+ password: '{{ .Values.config.pgUserPassword }}'
+ - uid: '{{ include "common.postgres.secret.primaryPasswordUID" . }}'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.pgPrimaryPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.pgPrimaryPassword }}'
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+
+pullPolicy: Always
+
+# application configuration
+config:
+ pgUserName: testuser
+ pgDatabase: userdb
+ pgDataPath: data
+ pgRootPasswordExternalSecret: '{{ include "common.namespace" . }}-postgres-db-root-password'
+ # pgPrimaryPassword: password
+ # pgUserPassword: password
+ # pgRootPassword: password
+
+nodeSelector: {}
+
+affinity: {}
+
+flavor: small
+
+#resources: {}
+# We usually recommend not to specify default resources and to leave this as a conscious
+# choice for the user. This also increases chances charts run on environments with little
+# resources, such as Minikube. If you do want to specify resources, uncomment the following
+# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+#
+# Example:
+# Configure resource requests and limits
+# ref: http://kubernetes.io/docs/user-guide/compute-resources/
+# Minimum memory for development is 2 CPU cores and 4GB memory
+# Minimum memory for production is 4 CPU cores and 8GB memory
+resources:
+ small:
+ limits:
+ cpu: 100m
+ memory: 300Mi
+ requests:
+ cpu: 10m
+ memory: 90Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 2Gi
+ unlimited: {}
{{/*
# Copyright © 2018 Amdocs, AT&T, Bell Canada
# Copyright © 2020 Samsung Electronics
+# Copyright © 2021 Orange
# Modifications Copyright (C) 2021 Bell Canada.
# #
# # Licensed under the Apache License, Version 2.0 (the "License");
- name: PG_MODE
value: {{ $pgMode }}
- name: PG_PRIMARY_HOST
- value: "{{ $dot.Values.container.name.primary }}"
+ value: "{{ $dot.Values.service.name2 }}"
- name: PG_REPLICA_HOST
- value: "{{ $dot.Values.container.name.replica }}"
+ value: "{{ $dot.Values.service.name3 }}"
- name: PG_PRIMARY_PORT
value: "{{ $dot.Values.service.internalPort }}"
- name: PG_PRIMARY_PASSWORD
resources:
- pods
- deployments
+ - deployments/status
- jobs
- jobs/status
- statefulsets
resources:
- pods
- deployments
+ - deployments/status
- jobs
- jobs/status
- statefulsets
- replicasets/status
- daemonsets
- secrets
+ - services
verbs:
- get
- watch
- apps
resources:
- statefulsets
+ - configmaps
verbs:
- patch
- apiGroups:
resources:
- deployments
- secrets
+ - services
+ - pods
verbs:
- create
- apiGroups:
- pods
- persistentvolumeclaims
- secrets
- - deployment
+ - deployments
+ - services
verbs:
- delete
- apiGroups:
- pods/exec
verbs:
- create
+- apiGroups:
+ - cert-manager.io
+ resources:
+ - certificates
+ verbs:
+ - create
+ - delete
{{- else }}
# if you don't match read or create, then you're not allowed to use API
# except to see basic information about yourself
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }}
- securityContext:
- {{- toYaml .Values.podSecurityContext | nindent 8 }}
- initContainers:
- - name: chowm-mount-path
- command:
- - /bin/sh
- args:
- - -c
- - chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.runAsGroup }} /var/lib/postgresql/data
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /var/lib/postgresql/data
- name: {{ include "common.fullname" . }}
+ {{ include "common.podSecurityContext" . | indent 10 | trim}}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
- securityContext:
- {{- toYaml .Values.securityContext | nindent 12 }}
imagePullPolicy: {{ .Values.pullPolicy }}
ports: {{ include "common.containerPorts" . | nindent 12 }}
livenessProbe:
roles:
- read
-podSecurityContext: {}
- # fsGroup: 2000
-
securityContext:
# Uid and gid to run the entrypoint of the container process (uid 70 is postgres user and gid 70 is postgres group)
- runAsUser: 70
- runAsGroup: 70
+ user_id: 70
+ group_id: 70
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
+flavor: small
+
+#resources: {}
+# We usually recommend not to specify default resources and to leave this as a conscious
+# choice for the user. This also increases chances charts run on environments with little
+# resources, such as Minikube. If you do want to specify resources, uncomment the following
+# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+#
+# Example:
+# Configure resource requests and limits
+# ref: http://kubernetes.io/docs/user-guide/compute-resources/
+# Minimum memory for development is 2 CPU cores and 4GB memory
+# Minimum memory for production is 4 CPU cores and 8GB memory
resources:
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- limits:
- cpu: 0.5
- memory: 256Mi
- requests:
- cpu: 20m
- memory: 256Mi
+ small:
+ limits:
+ cpu: 100m
+ memory: 300Mi
+ requests:
+ cpu: 10m
+ memory: 90Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 2Gi
+ unlimited: {}
nodeSelector: {}
- name: postgres
version: ~8.x-0
repository: '@local'
+ condition: global.postgres.localCluster
+ - name: postgres-init
+ version: ~8.x-0
+ repository: '@local'
+ condition: not global.postgres.localCluster
+ #condition: global.postgres.postgresInit
- name: readinessCheck
version: ~8.x-0
repository: '@local'
# Copyright (C) 2021 Pantheon.tech
# Modifications Copyright (C) 2020 Bell Canada.
# Modifications Copyright (C) 2021 Nordix Foundation.
+# Modifications Copyright (C) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
spring:
datasource:
+{{- if .Values.global.postgres.localCluster }}
url: jdbc:postgresql://{{ .Values.postgres.service.name2 }}:5432/{{ .Values.postgres.config.pgDatabase }}
+{{- else }}
+ url: jdbc:postgresql://{{ .Values.global.postgres.service.name2 }}:5432/{{ .Values.postgres.config.pgDatabase }}
+{{- end }}
username: ${DB_USERNAME}
password: ${DB_PASSWORD}
driverClassName: org.postgresql.Driver
ingress:
virtualhost:
baseurl: "simpledemo.onap.org"
+ #Service Names of the postgres db to connect to.
+ #Override it to cps-postgres if localCluster is enabled.
+ postgres:
+ localCluster: false
+ service:
+ name: pgset
+ name2: tcp-pgset-primary
+ name3: tcp-pgset-replica
+ container:
+ name: postgres
image: onap/cps-and-ncmp:2.0.0
containerPort: &svc_port 8080
pgUserExternalSecret: *pgUserCredsSecretName
pgRootPasswordExternalSecret: *pgRootPassSecretName
+postgres-init:
+ nameOverride: cps-postgres-init
+ config:
+ pgUserName: cps
+ pgDatabase: cpsdb
+ pgDataPath: data
+ pgUserExternalSecret: *pgUserCredsSecretName
+
+ # pgPrimaryPassword: password
+ # pgUserPassword: password
+ # pgRootPassword: password
+
readinessCheck:
wait_for:
- - *postgresName
+ - '{{ ternary .Values.postgres.service.name "postgres" .Values.global.postgres.localCluster }}'
minReadySeconds: 10
updateStrategy:
{{- end }}
{{- end }}
hostname: {{ include "common.name" . }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- configMap:
defaultMode: 420
repository: '@local'
- name: dcaegen2-services-common
version: ~8.x-0
- repository: '@local'
\ No newline at end of file
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-bbs-eventprocessor-ms
+ roles:
+ - read
repository: '@local'
- name: dcaegen2-services-common
version: ~8.x-0
- repository: '@local'
\ No newline at end of file
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
drFeedConfig:
- feedName: bulk_pm_feed
owner: dcaecm
- feedVersion: 0.0
+ feedVersion: "0.0"
asprClassification: unclassified
feedDescription: DFC Feed Creation
cpu: 1
memory: 1Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-datafile-collector
+ roles:
+ - read
- name: dcaegen2-services-common
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-datalake-admin-ui
+ roles:
+ - read
- name: dcaegen2-services-common
version: ~8.x-0
repository: '@local'
-
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-datalake-des
+ roles:
+ - read
- name: dcaegen2-services-common
version: ~8.x-0
repository: '@local'
-
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
pgUserName: datalake
pgDatabase: datalake
pgUserExternalSecret: *pgUserCredsSecretName
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-datalake-feeder
+ roles:
+ - read
repository: '@local'
- name: dcaegen2-services-common
version: ~8.x-0
- repository: '@local'
\ No newline at end of file
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
pgUserName: heartbeat
pgDatabase: heartbeat
pgUserExternalSecret: *pgUserCredsSecretName
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-heartbeat
+ roles:
+ - read
- name: certManagerCertificate
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-hv-ves-collector
+ roles:
+ - read
- name: dcaegen2-services-common
version: ~8.x-0
repository: '@local'
-
-
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-kpi-ms
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
memory: 2Gi
unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-ms-healthcheck
+ roles:
+ - read
repository: '@local'
- name: dcaegen2-services-common
version: ~8.x-0
- repository: 'file://../../common/dcaegen2-services-common'
\ No newline at end of file
+ repository: 'file://../../common/dcaegen2-services-common'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
drFeedConfig:
- feedName: bulk_pm_feed
owner: dcaecm
- feedVersion: 0.0
+ feedVersion: "0.0"
asprClassification: unclassified
feedDescription: DFC Feed Creation
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-pm-mapper
+ roles:
+ - read
- name: dcaegen2-services-common
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
config:
pgUserName: pmsh
pgDatabase: pmsh
- pgUserExternalSecret: *pgUserCredsSecretName
\ No newline at end of file
+ pgUserExternalSecret: *pgUserCredsSecretName
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-pmsh
+ roles:
+ - read
- name: dcaegen2-services-common
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-prh
+ roles:
+ - read
repository: '@local'
- name: dcaegen2-services-common
version: ~8.x-0
- repository: '@local'
\ No newline at end of file
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-restconf-collector
+ roles:
+ - read
- name: dcaegen2-services-common
version: ~8.x-0
repository: '@local'
-
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
pgUserName: sliceanalysisms
pgDatabase: sliceanalysisms
pgUserExternalSecret: *pgUserCredsSecretName
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-slice-analysis-ms
+ roles:
+ - read
repository: '@local'
- name: dcaegen2-services-common
version: ~8.x-0
- repository: '@local'
\ No newline at end of file
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-snmptrap-collector
+ roles:
+ - read
- name: dcaegen2-services-common
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
pgUserName: sonhms
pgDatabase: sonhms
pgUserExternalSecret: *pgUserCredsSecretName
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-son-handler
+ roles:
+ - read
- name: dcaegen2-services-common
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-tcagen2
+ roles:
+ - read
- name: certManagerCertificate
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-ves-collector
+ roles:
+ - read
repository: '@local'
- name: dcaegen2-services-common
version: ~8.x-0
- repository: '@local'
\ No newline at end of file
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-ves-mapper
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
value: {{ .Values.dcae_ns | default "" }}
- name: ONAP_NAMESPACE
value: {{ include "common.namespace" . }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-dcae-inputs-input
configMap:
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
# dcae_ns: "onap"
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-bootstrap
+ roles:
+ - read
- name: cmpv2Config
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
readOnly: true
securityContext:
privileged: True
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-config
configMap:
mountPath: /dockerdata-nfs
mountSubPath: dcae-cm/data
volumeReclaimPolicy: Retain
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-cloudify-manager
+ roles:
+ - create
+
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
- name: {{ include "common.fullname" . }}-logs-i
mountPath: /var/log/onap/config-binding-service
{{ end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-fb-conf
configMap:
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
# dcae_ns: "dcae"
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-config-binding-service
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
- mountPath: /usr/share/filebeat/filebeat.yml
name: filebeat-conf
subPath: filebeat.yml
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- emptyDir: {}
name: component-log
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
# dcae_ns: "dcae"
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-dashboard
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
- mountPath: /usr/share/filebeat/filebeat.yml
name: filebeat-conf
subPath: filebeat.yml
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- emptyDir: {}
name: component-log
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
# dcae_ns: "dcae"
+
+serviceAccount:
+ nameOverride: dcae-deployment-handler
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
value: {{ include "common.release" . }}
- name: DEPLOY_LABEL
value: cfydeployment
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-expected-components
configMap:
# If empty, use the common namespace
# dcae_ns: "onap"
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-healthcheck
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
- mountPath: /usr/share/filebeat/filebeat.yml
name: filebeat-conf
subPath: filebeat.yml
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- emptyDir: {}
name: component-log
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
# dcae_ns: "dcae"
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-inventory-api
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
- mountPath: /usr/share/filebeat/filebeat.yml
name: filebeat-conf
subPath: filebeat.yml
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- emptyDir: {}
name: component-log
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
# dcae_ns: "dcae"
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-policy-handler
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
value: "/opt/cert/cacert.pem"
- name: SCH_ARGS
value: "prod /opt/config.json"
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-sch-config
configMap:
unlimited: {}
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
-# dcae_ns: "dcae"
\ No newline at end of file
+# dcae_ns: "dcae"
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-servicechange-handler
+ roles:
+ - read
- name: readinessCheck
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
volumeMounts:
- name: schema-map
mountPath: {{ .Values.schemaMap.directory }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: schema-map
configMap:
requests:
cpu: 1
memory: 1Gi
- unlimited: {}
\ No newline at end of file
+ unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-ves-openapi-manager
+ roles:
+ - read
dcae-servicechange-handler:
enabled: true
dcae-ves-openapi-manager:
- enabled: true
\ No newline at end of file
+ enabled: true
version: ~8.x-0
repository: '@local'
- name: mariadb-galera
- alias: mariadb
+ version: ~8.x-0
+ repository: '@local'
+ condition: global.mariadbGalera.localCluster
+ - name: mariadb-init
version: ~8.x-0
repository: '@local'
- name: certInitializer
# Database access
org.onap.dmaap.datarouter.db.driver = org.mariadb.jdbc.Driver
-org.onap.dmaap.datarouter.db.url = jdbc:mariadb://{{.Values.config.dmaapDrDb.mariadbServiceName}}:{{.Values.config.dmaapDrDb.mariadbServicePort}}/{{.Values.mariadb.db.name}}
+org.onap.dmaap.datarouter.db.url = jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{index .Values "mariadb-galera" "db" "name"}}
org.onap.dmaap.datarouter.db.login = ${DB_USERNAME}
org.onap.dmaap.datarouter.db.password = ${DB_PASSWORD}
command:
- /app/ready.py
args:
- - --container-name
- - {{ .Values.config.dmaapDrDb.mariadbContName }}
+ - --job-name
+ - {{ include "common.release" . }}-dmaap-dr-mariadb-init-config-job
env:
- name: NAMESPACE
valueFrom:
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- name: DB_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "login") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-credentials" "key" "login") | indent 12 }}
- name: DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "password") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-credentials" "key" "password") | indent 12 }}
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- mountPath: /etc/localtime
name: localtime
nodePortPrefix: 302
loggingDirectory: /opt/app/datartr/logs
persistence: {}
+ mariadbGalera: &mariadbGalera
+ #This flag allows DMAAP-DR to instantiate its own mariadb-galera cluster
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
#################################################################
# Secrets metaconfig
#################################################################
secrets:
- - uid: dmaap-dr-db-user-secret
- name: &dbSecretName '{{ include "common.release" . }}-dmaap-dr-db-user-secret'
+ - name: &dbUserSecretName '{{ include "common.release" . }}-dmaap-dr-db-user-credentials'
+ uid: 'dmaap-dr-db-user-credentials'
type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.dmaapDrDb.userCredentialsExternalSecret) . }}'
- login: '{{ .Values.config.dmaapDrDb.userName }}'
- password: '{{ .Values.config.dmaapDrDb.userPassword }}'
+ externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) (hasSuffix "dmaap-dr-db-user-credentials" (index .Values "mariadb-galera" "db" "externalSecret"))}}'
+ login: '{{ index .Values "mariadb-galera" "db" "user" }}'
+ password: '{{ index .Values "mariadb-galera" "db" "password" }}'
#################################################################
# Application configuration defaults.
# and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF
logLevel: "INFO"
- # dr-prov db configuration
- dmaapDrDb:
- mariadbServiceName: dmaap-dr-db
- mariadbServicePort: 3306
- mariadbContName: &dmaap-dr-db dmaap-dr-db
- userName: datarouter
-# userPassword: password
-# userCredentialsExternalSecret: some secret
-
# mariadb-galera configuration
-mariadb:
- name: *dmaap-dr-db
- nameOverride: *dmaap-dr-db
+mariadb-galera:
+ nameOverride: &dbServer dmaap-dr-db
replicaCount: 1
db:
- externalSecret: *dbSecretName
- name: datarouter
+ name: &mysqlDbName datarouter
+ user: datarouter
+ # password:
+ externalSecret: *dbUserSecretName
service:
- name: dmaap-dr-db
+ name: *dbServer
nfsprovisionerPrefix: dmaap-dr-db
persistence:
size: 1Gi
mountSubPath: data-router/dr-db-data
serviceAccount:
- nameOverride: *dmaap-dr-db
+ nameOverride: *dbServer
+
+mariadb-init:
+ config:
+ userCredentialsExternalSecret: *dbUserSecretName
+ mysqlDatabase: *mysqlDbName
+ nameOverride: dmaap-dr-mariadb-init
#################################################################
# AAF part
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-data-filebeat
mountPath: /usr/share/filebeat/data
-
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-etsicatalog
{{- if .Values.persistence.enabled }}
cpu: 200m
memory: 500Mi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: modeling-etsicatalog
+ roles:
+ - read
# Application configuration defaults.
#################################################################
# application image
-image: onap/msb/msb_apigateway:1.3.0
+image: onap/msb/msb_apigateway:1.3.1
pullPolicy: Always
istioSidecar: true
# Application configuration defaults.
#################################################################
# application image
-image: onap/msb/msb_apigateway:1.3.0
+image: onap/msb/msb_apigateway:1.3.1
pullPolicy: Always
istioSidecar: true
# Application configuration defaults.
#################################################################
# application image
-image: onap/multicloud/k8s:0.9.0
+image: onap/multicloud/k8s:0.9.1
pullPolicy: Always
# flag to enable debugging - application support required
# Copyright © 2019 Amdocs, Bell Canada
# Copyright (c) 2020 Nordix Foundation, Modifications
# Modifications Copyright © 2020 Nokia
+# Modifications Copyright © 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
version: ~8.x-0
repository: '@local'
condition: portal.enabled
+ - name: postgres
+ version: ~8.x-0
+ repository: '@local'
+ condition: postgres.enabled
- name: oof
version: ~8.x-0
repository: '@local'
version: ~8.x-0
repository: '@local'
condition: roles-wrapper.enabled
+ - name: timescaledb
+ version: ~8.x-0
+ repository: '@local'
+ condition: timescaledb.enabled
# Copyright © 2019 Amdocs, Bell Canada
# Copyright (c) 2020 Nordix Foundation, Modifications
# Modifications Copyright © 2020 Nokia
+# Modifications Copyright © 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
enabled: true
mariadb-galera:
enabled: true
+postgres:
+ enabled: true
aaf:
enabled: true
aai:
global: # global defaults
nodePortPrefix: 302
image:
- optf_has: onap/optf-has:2.2.0
+ optf_has: onap/optf-has:2.2.1
#################################################################
# secrets metaconfig
global:
image:
- optf_has: onap/optf-has:2.2.0
+ optf_has: onap/optf-has:2.2.1
#################################################################
# Secrets metaconfig
global:
image:
- optf_has: onap/optf-has:2.2.0
+ optf_has: onap/optf-has:2.2.1
#################################################################
# secrets metaconfig
global:
image:
- optf_has: onap/optf-has:2.2.0
+ optf_has: onap/optf-has:2.2.1
#################################################################
# secrets metaconfig
global:
image:
- optf_has: onap/optf-has:2.2.0
+ optf_has: onap/optf-has:2.2.1
#################################################################
# secrets metaconfig
global:
commonConfigPrefix: onap-oof-has
image:
- optf_has: onap/optf-has:2.2.0
+ optf_has: onap/optf-has:2.2.1
persistence:
enabled: true
secret_domain: {{ .Values.config.secret_domain }}
aaf_ca_certs: {{ .Values.config.aaf_ca_certs }}
+configClientType: {{ .Values.config.configClientType }}
+
# config db api
configDbUrl: {{ .Values.config.configDbUrl }}
configDbGetCellListUrl: {{ .Values.config.configDbGetCellListUrl }}
configDbGetNbrListUrl: {{ .Values.config.configDbGetNbrListUrl }}
+# cps api
+cpsUrl: {{ .Values.config.cps.Url }}
+cpsCellListUrl: {{ .Values.config.cps.cellListUrl }}
+cpsNbrListUrl: {{ .Values.config.cps.nbrListUrl }}
+
# AAI api
aaiUrl: {{ .Values.config.aaiUrl }}
aaiGetLinksUrl: {{ .Values.config.aaiGetLinksUrl }}
- |
grep -v '^$' /opt/osdf/osaaf/local/org.onap.oof.crt > /tmp/oof.crt
cat /tmp/oof.crt /opt/app/ssl_cert/intermediate_root_ca.pem /opt/app/ssl_cert/aaf_root_ca.cer >> /opt/osdf/org.onap.oof.crt
- ./osdfapp.sh -x osdfapp.py
+ python osdfapp.py
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
# Application configuration defaults.
#################################################################
# application image
-image: onap/optf-osdf:3.0.4
+image: onap/optf-osdf:3.0.6
pullPolicy: Always
# flag to enable debugging - application support required
aaf_sms_timeout: 30
secret_domain: osdf
aaf_ca_certs: /opt/app/ssl_cert/aaf_root_ca.cer
+ configClientType: cps
# config db api
configDbUrl: http://configdb:8080
configDbGetCellListUrl: 'api/sdnc-config-db/v3/getCellList'
configDbGetNbrListUrl: 'api/sdnc-config-db/v3/getNbrList'
+ # cps api
+ cps:
+ url: cps-tbdmt:8080/execute
+ cellListUrl: 'ran-network/getCellList'
+ nbrListUrl: 'ran-network/getNbrList'
+
#aai api
aaiUrl: https://aai:8443
aaiGetLinksUrl: /aai/v16/network/logical-links
selfsigning:
name: &selfSigningIssuer cmpv2-selfsigning-issuer
ca:
- name: &caIssuer cmpv2-ca-issuer
+ name: &caIssuer cmpv2-issuer-onap
secret:
name: &caKeyPairSecret cmpv2-ca-key-pair
server:
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP Policy Clamp Controlloop Runtime
+name: policy-clamp-cl-runtime
+version: 8.0.0
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~8.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+spring:
+ security:
+ user:
+ name: ${RUNTIME_USER}
+ password: ${RUNTIME_PASSWORD}
+ http:
+ converters:
+ preferred-json-mapper: gson
+
+security:
+ enable-csrf: false
+
+server:
+ port: 6969
+ servlet:
+ context-path: /onap/controlloop
+ error:
+ path: /error
+
+
+runtime:
+ supervisionScannerIntervalSec: 1000
+ participantClUpdateIntervalSec: 1000
+ participantClStateChangeIntervalSec: 1000
+ participantParameters:
+ heartBeatMs: 120000
+ maxMessageAgeMs: 600000
+ maxStatusWaitMs: 100000
+ updateParameters:
+ maxRetryCount: 3
+ maxWaitMs: 100000
+ databaseProviderParameters:
+ name: PolicyProviderParameterGroup
+ implementation: org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl
+ databaseDriver: org.mariadb.jdbc.Driver
+ databaseUrl: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/controlloop
+ databaseUser: ${SQL_USER}
+ databasePassword: ${SQL_PASSWORD}
+ persistenceUnit: CommissioningMariaDb
+ topicParameterGroup:
+ topicSources:
+ -
+ topic: POLICY-CLRUNTIME-PARTICIPANT
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ useHttps: true
+ fetchTimeout: 15000
+ topicSinks:
+ -
+ topic: POLICY-CLRUNTIME-PARTICIPANT
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ useHttps: true
+
+management:
+ endpoints:
+ web:
+ exposure:
+ include: health, metrics, prometheus
--- /dev/null
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2021 Nordix Foundation. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pap/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/policy-clamp-cl-runtime/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pap/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/policy-clamp-cl-runtime/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/policy-clamp-cl-runtime/network.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/policy-clamp-cl-runtime/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </root>
+
+</configuration>
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+{{- with .Files.Glob "resources/config/*store" }}
+binaryData:
+{{- range $path, $bytes := . }}
+ {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
+{{- end }}
+{{- end }}
+data:
+{{ tpl (.Files.Glob "resources/config/*.{json,xml,yaml}").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --job-name
+ - {{ include "common.release" . }}-policy-galera-config
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: RUNTIME_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "login") | indent 10 }}
+ - name: RUNTIME_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: cl-runtime-config
+ - mountPath: /config
+ name: cl-runtime-config-processed
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{- if .Values.global.aafEnabled }}
+ command: ["sh","-c"]
+ args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
+ /opt/app/policy/clamp/bin/controlloop-runtime.sh /opt/app/policy/clamp/etc/mounted/clRuntimeParameters.yaml"]
+{{- else }}
+ command: ["/opt/app/policy/clamp/bin/controlloop-runtime.sh"]
+ args: ["/opt/app/policy/clamp/etc/mounted/clRuntimeParameters.yaml"]
+ env:
+ - name: KEYSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+{{- end }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/policy/clamp/etc/mounted
+ name: cl-runtime-config-processed
+ resources:
+{{ include "common.resources" . }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: cl-runtime-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ defaultMode: 0755
+ - name: cl-runtime-config-processed
+ emptyDir:
+ medium: Memory
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.service" . }}
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefixExt: 304
+ persistence: {}
+ aafEnabled: true
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+ passwordPolicy: required
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
+ - uid: runtime-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.appUserExternalSecret) . }}'
+ login: '{{ .Values.config.policyAppUserName }}'
+ password: '{{ .Values.config.policyAppUserPassword }}'
+ passwordPolicy: required
+
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
+
+certInitializer:
+ nameOverride: policy-clamp-cl-runtime-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: policy
+ fqi: policy@policy.onap.org
+ public_fqdn: policy.onap.org
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ uid: 100
+ gid: 101
+ aaf_add_config: >
+ echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
+ echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+ chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
+
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/policy-clamp-cl-runtime:6.1.2
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+config:
+ policyAppUserName: runtimeUser
+ policyAppUserPassword: none
+
+db:
+ user: policy_user
+ password: policy_user
+ service:
+ name: policy-mariadb
+ internalPort: 3306
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ port: http-api
+
+readiness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ port: http-api
+
+service:
+ type: ClusterIP
+ name: policy-clamp-cl-runtime
+ useNodePortExt: true
+ ports:
+ - name: http-api
+ port: 6969
+ nodePort: 42
+
+ingress:
+ enabled: false
+
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 200m
+ memory: 2Gi
+ unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-clamp-cl-runtime
+ roles:
+ - read
version: ~8.x-0
repository: 'file://components/policy-clamp-cl-k8s-ppnt'
condition: policy-clamp-cl-k8s-ppnt.enabled
+ - name: policy-clamp-cl-runtime
+ version: ~8.x-0
+ repository: 'file://components/policy-clamp-cl-runtime'
+ condition: policy-clamp-cl-runtime.enabled
- name: policy-gui
version: ~8.x-0
repository: 'file://components/policy-gui'
{{/*
# Copyright © 2017 Amdocs, Bell Canada, AT&T
# Modifications Copyright © 2018, 2020 AT&T Intellectual Property
+# Modifications Copyright (C) 2021 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
mysql() { /usr/bin/mysql -h ${MYSQL_HOST} -P ${MYSQL_USER} "$@"; };
-for db in migration pooling policyadmin policyclamp operationshistory
+for db in migration pooling policyadmin policyclamp operationshistory controlloop
do
mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};"
mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;"
login: '{{ index .Values "mariadb-galera" "db" "user" }}'
password: '{{ index .Values "mariadb-galera" "db" "password" }}'
passwordPolicy: generate
+ - uid: policy-app-user-creds
+ name: &policyAppCredsSecret '{{ include "common.release" . }}-policy-app-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.policyAppUserExternalSecret) . }}'
+ login: '{{ .Values.config.policyAppUserName }}'
+ password: '{{ .Values.config.policyAppUserPassword }}'
+ passwordPolicy: generate
db: &dbSecretsHook
credsExternalSecret: *dbSecretName
policy-clamp-be:
enabled: true
db: *dbSecretsHook
+ config:
+ appUserExternalSecret: *policyAppCredsSecret
policy-clamp-fe:
enabled: true
policy-clamp-cl-k8s-ppnt:
enabled: true
policy-nexus:
enabled: false
+policy-clamp-cl-runtime:
+ enabled: true
+ db: *dbSecretsHook
+ config:
+ appUserExternalSecret: *policyAppCredsSecret
policy-gui:
enabled: true
initialDelaySeconds: 10
periodSeconds: 10
+
+config:
+ policyAppUserName: runtimeUser
+
mariadb-galera:
# mariadb-galera.config and global.mariadb.config must be equals
db:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-backend-all-plugins:1.9.0
-backendInitImage: onap/sdc-backend-init:1.9.0
+image: onap/sdc-backend-all-plugins:1.9.3
+backendInitImage: onap/sdc-backend-init:1.9.3
pullPolicy: Always
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-cassandra:1.9.0
-cassandraInitImage: onap/sdc-cassandra-init:1.9.0
+image: onap/sdc-cassandra:1.9.3
+cassandraInitImage: onap/sdc-cassandra-init:1.9.3
pullPolicy: Always
config:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-frontend:1.9.0
+image: onap/sdc-frontend:1.9.3
pullPolicy: Always
config:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-onboard-backend:1.9.0
-onboardingInitImage: onap/sdc-onboard-cassandra-init:1.9.0
+image: onap/sdc-onboard-backend:1.9.3
+onboardingInitImage: onap/sdc-onboard-cassandra-init:1.9.3
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-dmaap-listener-image:2.1.6
+image: onap/sdnc-dmaap-listener-image:2.2.0
pullPolicy: Always
# flag to enable debugging - application support required
containers:
- name: {{ include "common.name" . }}
command: ["/bin/bash"]
- args: ["-c", "cd /opt/onap/ccsdk && ./startAnsibleServer.sh"]
+ args: ["-c", "cd /opt/ansible-server && ./startAnsibleServer.sh"]
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-ansible-server-image:2.1.6
+image: onap/sdnc-ansible-server-image:2.2.0
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: "onap/sdnc-web-image:2.1.6"
+image: "onap/sdnc-web-image:2.2.0"
pullPolicy: Always
config:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-ueb-listener-image:2.1.6
+image: onap/sdnc-ueb-listener-image:2.2.0
pullPolicy: Always
# flag to enable debugging - application support required
# application images
pullPolicy: Always
-image: onap/sdnc-image:2.1.6
+image: onap/sdnc-image:2.2.0
# flag to enable debugging - application support required
debugEnabled: false
aai:
auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.server.aai.auth ) }}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
+ enabled: {{ .Values.global.aai.enabled }}
logging:
path: logs
spring:
aaf:
auth:
header: ${AAF_AUTH}
+ aai:
+ enabled: true
#################################################################
# Secrets metaconfig
#################################################################
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/so-cnf-adapter:1.8.3
+image: onap/so/so-cnf-adapter:1.9.1
pullPolicy: Always
readinessCheck:
# application image
repository: nexus3.onap.org:10001
-image: onap/usecase-ui-server:4.0.3
+image: onap/usecase-ui-server:4.0.5
pullPolicy: Always
# application configuration
flavor: small
# application image
-image: onap/usecase-ui:4.0.3
+image: onap/usecase-ui:4.0.5
pullPolicy: Always
# application configuration
# application image
flavor: small
-image: onap/vfc/gvnfmdriver:1.4.1
+image: onap/vfc/gvnfmdriver:1.4.3
pullPolicy: Always
#Istio sidecar injection policy
# application image
flavor: small
-image: onap/vfc/nslcm:1.4.3
+image: onap/vfc/nslcm:1.4.4
pullPolicy: Always
#Istio sidecar injection policy
# application image
flavor: small
-image: onap/vfc/db:1.3.4
+image: onap/vfc/db:1.3.5
pullPolicy: Always
# flag to enable debugging - application support required
# application image
flavor: small
-image: onap/vfc/vnflcm:1.4.1
+image: onap/vfc/vnflcm:1.4.2
pullPolicy: Always
#Istio sidecar injection policy
# application image
flavor: small
-image: onap/vfc/vnfmgr:1.4.0
+image: onap/vfc/vnfmgr:1.4.1
pullPolicy: Always
#Istio sidecar injection policy
# application image
flavor: small
-image: onap/vfc/vnfres:1.3.9
+image: onap/vfc/vnfres:1.4.0
pullPolicy: Always
#Istio sidecar injection policy
# application image
flavor: small
-image: onap/vfc/ztevnfmdriver:1.4.0
+image: onap/vfc/ztevnfmdriver:1.4.1
pullPolicy: Always
#Istio sidecar injection policy
Code Review / oom.git / commitdiff