Istanbul 1.19.11 3.6.3 1.19.11 19.03.x 1.5.4
============== =========== ======= ======== ======== ============
-.. note::
- Guilin version also supports Kubernetes up to version 1.19.x and should work
- with Helm with version up to 3.3.x but has not been thoroughly tested.
-
Minimum Hardware Configuration
==============================
.. _Kubernetes LoadBalancer: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
.. _user-guide-label:
-OOM User Guide helm3 (experimental)
-###################################
+OOM User Guide
+##############
The ONAP Operations Manager (OOM) provide the ability to manage the entire
life-cycle of an ONAP installation, from the initial deployment to final
on other O/Ss), the Kubernetes command line interface used to manage a
Kubernetes cluster::
- > curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.15.11/bin/linux/amd64/kubectl
+ > curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.19.11/bin/linux/amd64/kubectl
> chmod +x ./kubectl
> sudo mv ./kubectl /usr/local/bin/kubectl
> mkdir ~/.kube
Helm is used by OOM for package and configuration management. To install Helm,
enter the following::
- > wget https://get.helm.sh/helm-v3.5.2-linux-amd64.tar.gz
- > tar -zxvf helm-v3.5.2-linux-amd64.tar.gz
+ > wget https://get.helm.sh/helm-v3.6.3-linux-amd64.tar.gz
+ > tar -zxvf helm-v3.6.3-linux-amd64.tar.gz
> sudo mv linux-amd64/helm /usr/local/bin/helm
Verify the Helm version with::
echo "*** change ownership of certificates to targeted user"
chown -R 1000 .
-image: onap/ccsdk-oran-a1policymanagementservice:1.2.1
+image: onap/ccsdk-oran-a1policymanagementservice:1.2.3
userID: 1000 #Should match with image-defined user ID
groupID: 999 #Should match with image-defined group ID
pullPolicy: IfNotPresent
{{- end -}}
{{- define "common.log.volumes" -}}
-{{- if .Values.global.centralizedLoggingEnabled }}
+{{- $dot := default . .dot }}
+{{- if $dot.Values.global.centralizedLoggingEnabled }}
+{{- $configMapName := printf "%s-filebeat" (default (include "common.fullname" $dot) .configMapNamePrefix) }}
- name: filebeat-conf
configMap:
- name: {{ include "common.fullname" . }}-filebeat
+ name: {{ $configMapName }}
- name: filebeat-data
emptyDir: {}
{{- end -}}
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-dgbuilder-image:1.2.1
+image: onap/ccsdk-dgbuilder-image:1.2.2
pullPolicy: Always
# flag to enable debugging - application support required
value: "{{ .Values.config.aaiUri }}"
- name: AAI_AUTH
value: "{{ .Values.config.aaiAuth }}"
+ - name: DISABLE_HOST_VERIFICATION
+ value: "{{ .Values.config.disableHostVerification }}"
volumeMounts:
- name: certs
mountPath: /opt/etc/config/aai_keystore
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-apps-ms-neng:1.2.0
+image: onap/ccsdk-apps-ms-neng:1.2.1
pullPolicy: IfNotPresent
# application configuration
polUrl: https://policy-xacml-pdp:6969/policy/pdpx/v1/decision
polEnv: TEST
polReqId: xx
+ disableHostVerification: true
aaiCertPass: changeit
aaiCertPath: /opt/etc/config/aai_keystore
aaiAuth: QUFJOkFBSQ==
dmi:
service:
- name: {{ .Values.config.dmiServiceName }}
+ url: {{ .Values.config.dmiServiceUrl }}
cps-core:
baseUrl: {{ .Values.config.cpsCore.url }}
virtualhost:
baseurl: "simpledemo.onap.org"
-image: onap/ncmp-dmi-plugin:1.0.0
+image: onap/ncmp-dmi-plugin:1.0.1
containerPort: &svc_port 8080
managementPort: &mgt_port 8081
spring:
profile: helm
- dmiServiceName: http://*svc_name:*svc_port
+ dmiServiceUrl: http://*svc_name:*svc_port
sdnc:
url: http://sdnc:8181
username: admin
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.son-handler:2.1.4
+image: onap/org.onap.dcaegen2.services.son-handler:2.1.5
pullPolicy: Always
# Log directory where logging sidecar should look for log files
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
restartPolicy: Never
containers:
- name: dcae-cleanup
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.cleanupImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
\ No newline at end of file
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: repositoryGenerator
version: ~9.x-0
repository: '@local'
+
- name: repositoryGenerator
version: ~9.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~9.x-0
+ repository: '@local'
annotations:
sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
spec:
- serviceAccountName: msb
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
fsGroup: 1000
runAsUser: 100
runAsGroup: 1000
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: msb-consul
+ roles:
+ - read
- name: repositoryGenerator
version: ~9.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~9.x-0
+ repository: '@local'
annotations:
sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
spec:
- serviceAccountName: msb
initContainers:
- command:
- /app/ready.py
- mountPath: /opt/ajsc/etc/config/logback.xml
name: {{ include "common.fullname" . }}-log-conf
subPath: logback.xml
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-log-conf
configMap:
cpu: 400m
memory: 400Mi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: msb-discovery
+ roles:
+ - read
- name: certInitializer
version: ~9.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~9.x-0
+ repository: '@local'
annotations:
sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
spec:
- serviceAccountName: msb
initContainers:
{{ include "common.certInitializer.initContainer" . | indent 6 | trim }}
- command:
- mountPath: /opt/ajsc/etc/config/logback.xml
name: {{ include "common.fullname" . }}-log-conf
subPath: logback.xml
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
{{ include "common.certInitializer.volumes" . | indent 8 | trim }}
- name: {{ include "common.fullname" . }}-log-conf
cpu: 200m
memory: 400Mi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: msb-eag
+ roles:
+ - read
- name: certInitializer
version: ~9.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~9.x-0
+ repository: '@local'
annotations:
sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
spec:
- serviceAccountName: msb
initContainers:
{{ include "common.certInitializer.initContainer" . | indent 6 | trim }}
- command:
- mountPath: /opt/ajsc/etc/config/logback.xml
name: {{ include "common.fullname" . }}-log-conf
subPath: logback.xml
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
{{ include "common.certInitializer.volumes" . | indent 8 | trim }}
- name: {{ include "common.fullname" . }}-log-conf
cpu: 100m
memory: 400Mi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: msb-iag
+ roles:
+ - read
global:
nodePortPrefixExt: 304
persistence: {}
- artifactImage: onap/multicloud/framework-artifactbroker:1.7.0
+ artifactImage: onap/multicloud/framework-artifactbroker:1.7.1
#################################################################
# Application configuration defaults.
#################################################################
global:
nodePortPrefixExt: 304
- artifactImage: onap/multicloud/framework-artifactbroker:1.6.0
+ artifactImage: onap/multicloud/framework-artifactbroker:1.7.1
#################################################################
# Application configuration defaults.
#################################################################
global:
nodePortPrefix: 302
- artifactImage: onap/multicloud/framework-artifactbroker:1.6.0
+ artifactImage: onap/multicloud/framework-artifactbroker:1.7.1
persistence: {}
#################################################################
#################################################################
global:
nodePortPrefix: 302
- artifactImage: onap/multicloud/framework-artifactbroker:1.7.0
+ artifactImage: onap/multicloud/framework-artifactbroker:1.7.1
prometheus:
enabled: false
persistence: {}
- name: repositoryGenerator
version: ~9.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~9.x-0
+ repository: '@local'
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
cpu: 200m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: nbi
+ roles:
+ - read
sources:
- https://gerrit.onap.org/r/#/admin/projects/
icon: https://wiki.onap.org/download/thumbnails/1015829/onap_704x271%20copy.png?version=1&modificationDate=1488326334000&api=v2
-kubeVersion: ">=1.19"
+kubeVersion: ">=1.19.0-0"
- name: repositoryGenerator
version: ~9.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~9.x-0
+ repository: '@local'
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
{{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
port: 8091
config:
ssl: "redirect"
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: oof-has-api
+ roles:
+ - read
- name: repositoryGenerator
version: ~9.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~9.x-0
+ repository: '@local'
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
readiness:
initialDelaySeconds: 10
periodSeconds: 10
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: oof-has-controller
+ roles:
+ - read
- name: repositoryGenerator
version: ~9.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~9.x-0
+ repository: '@local'
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
readiness:
initialDelaySeconds: 10
periodSeconds: 10
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: oof-has-data
+ roles:
+ - read
- name: repositoryGenerator
version: ~9.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~9.x-0
+ repository: '@local'
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
readiness:
initialDelaySeconds: 10
periodSeconds: 10
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: oof-has-reservation
+ roles:
+ - read
- name: repositoryGenerator
version: ~9.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~9.x-0
+ repository: '@local'
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
readiness:
initialDelaySeconds: 10
periodSeconds: 10
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: oof-has-solver
+ roles:
+ - read
- name: repositoryGenerator
version: ~9.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~9.x-0
+ repository: '@local'
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
-
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
{{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
oof-has:
enabled: true
certSecret: *oof-certs
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: oof
+ roles:
+ - read
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-apex-pdp:2.6.0
+image: onap/policy-apex-pdp:2.6.1
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-api:2.5.0
+image: onap/policy-api:2.5.1
pullPolicy: Always
# flag to enable debugging - application support required
flavor: small
# application image
-image: onap/policy-clamp-backend:6.1.2
+image: onap/policy-clamp-backend:6.1.3
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-cl-k8s-ppnt:6.1.2
+image: onap/policy-clamp-cl-k8s-ppnt:6.1.3
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-cl-runtime:6.1.2
+image: onap/policy-clamp-cl-runtime:6.1.3
pullPolicy: Always
# flag to enable debugging - application support required
flavor: small
# application image
-image: onap/policy-clamp-frontend:6.1.2
+image: onap/policy-clamp-frontend:6.1.3
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-distribution:2.6.0
+image: onap/policy-distribution:2.6.1
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-pdpd-cl:1.9.0
+image: onap/policy-pdpd-cl:1.9.1
pullPolicy: Always
# flag to enable debugging - application support required
flavor: small
# application image
-image: onap/policy-gui:2.1.0
+image: onap/policy-gui:2.1.1
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-pap:2.5.0
+image: onap/policy-pap:2.5.1
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-xacml-pdp:2.5.0
+image: onap/policy-xacml-pdp:2.5.1
pullPolicy: Always
# flag to enable debugging - application support required
image: mariadb:10.5.8
dbmigrator:
- image: onap/policy-db-migrator:2.3.0
+ image: onap/policy-db-migrator:2.3.1
schema: policyadmin
policy_home: "/opt/app/policy"
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-backend-all-plugins:1.9.3
-backendInitImage: onap/sdc-backend-init:1.9.3
+image: onap/sdc-backend-all-plugins:1.9.4
+backendInitImage: onap/sdc-backend-init:1.9.4
pullPolicy: Always
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-cassandra:1.9.3
-cassandraInitImage: onap/sdc-cassandra-init:1.9.3
+image: onap/sdc-cassandra:1.9.4
+cassandraInitImage: onap/sdc-cassandra-init:1.9.4
pullPolicy: Always
config:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-frontend:1.9.3
+image: onap/sdc-frontend:1.9.4
pullPolicy: Always
config:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-onboard-backend:1.9.3
-onboardingInitImage: onap/sdc-onboard-cassandra-init:1.9.3
+image: onap/sdc-onboard-backend:1.9.4
+onboardingInitImage: onap/sdc-onboard-cassandra-init:1.9.4
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-dmaap-listener-image:2.2.0
+image: onap/sdnc-dmaap-listener-image:2.2.1
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-ansible-server-image:2.2.0
+image: onap/sdnc-ansible-server-image:2.2.1
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: "onap/sdnc-web-image:2.2.0"
+image: "onap/sdnc-web-image:2.2.1"
pullPolicy: Always
config:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-ueb-listener-image:2.2.0
+image: onap/sdnc-ueb-listener-image:2.2.1
pullPolicy: Always
# flag to enable debugging - application support required
# application images
pullPolicy: Always
-image: onap/sdnc-image:2.2.0
+image: onap/sdnc-image:2.2.1
# flag to enable debugging - application support required
debugEnabled: false
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/so-cnf-adapter:1.9.1
+image: onap/so/so-cnf-adapter:1.9.2
pullPolicy: Always
readinessCheck:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/so-nssmf-adapter:1.8.3
+image: onap/so/so-nssmf-adapter:1.9.1
pullPolicy: Always
db:
onap:
so:
adapters:
+ {{- if eq .Values.config.openStackKeystoneVersion "KEYSTONE_V3" }}
+ default_keystone_url_version: /v3
+ {{- else }}
default_keystone_url_version: /v2.0
+ {{- end }}
default_keystone_reg_ex: "/[vV][0-9]"
vnf:
bpelauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}}
retrylist: 408,429,500,502,503,504,900
encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7
tenant:
+ {{- if eq .Values.config.openStackKeystoneVersion "KEYSTONE_V3" }}
+ default_keystone_url_version: /v3
+ {{- else }}
default_keystone_url_version: /v2.0
+ {{- end }}
default_keystone_reg_ex: "/[vV][0-9]"
default_tenant_description: Tenant
default_region_type: single
openStackServiceTenantName: "service"
openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
openStackTenantId: "d570c718cbc545029f40e50b75eb13df"
+ # "KEYSTONE" for keystone v2, "KEYSTONE_V3" for keystone v3
+ openStackKeystoneVersion: "KEYSTONE"
nodeSelector: {}
tolerations: []
affinity: {}
[
{
"dcp_clli": "DEFAULT_KEYSTONE",
+ {{- if eq .Values.config.openStackKeystoneVersion "KEYSTONE_V3" }}
+ "identity_url": "{{ .Values.config.openStackKeyStoneUrl }}/v3",
+ {{- else }}
"identity_url": "{{ .Values.config.openStackKeyStoneUrl }}/v2.0",
+ {{- end }}
"mso_id": "{{ .Values.config.openStackUserName }}",
"mso_pass": "{{ .Values.config.openStackEncryptedPasswordHere }}",
"admin_tenant":"{{ .Values.config.openStackServiceTenantName }}",
"member_role": "admin",
"tenant_metadata": "true",
- "identity_server_type": "KEYSTONE",
+ "identity_server_type": "{{ .Values.config.openStackKeystoneVersion }}",
"identity_authentication_type": "USERNAME_PASSWORD"
}
],
config:
logstashServiceName: log-ls
logstashPort: 5044
+ # "KEYSTONE" for keystone v2, "KEYSTONE_V3" for keystone v3
+ openStackKeystoneVersion: "KEYSTONE"
#Used only if localCluster is enabled. Instantiates SO's own cassandra cluster
#helm deploy demo local/onap --namespace onap --verbose --set so.enabled=true \