[submodule "kubernetes/aai"]
- path = kubernetes/aai
- url = ../aai/oom
- branch = master
- ignore = dirty
+ path = kubernetes/aai
+ url = ../aai/oom
+ branch = frankfurt
+ ignore = dirty
[submodule "kubernetes/robot"]
- path = kubernetes/robot
- url = ../testsuite/oom
- branch = .
- ignore = dirty
-
\ No newline at end of file
+ path = kubernetes/robot
+ url = ../testsuite/oom
+ branch = frankfurt
+ ignore = dirty
+
oom_cloud_setup_guide.rst
release-notes.rst
oom_setup_kubernetes_rancher.rst
+ oom_setup_ingress_controller.rst
`onap-all.yaml`
Enables the modules in the ONAP deployment. As ONAP is very modular, it is possible to customize ONAP and disable some components through this configuration file.
+`onap-all-ingress-nginx-vhost.yaml`
+ Alternative version of the `onap-all.yaml` but with global ingress controller enabled. It requires the cluster configured with the nginx ingress controller and load balancer.
+ Please use this file instad `onap-all.yaml` if you want to use experimental ingress controller feature.
+
`environment.yaml`
Includes configuration values specific to the deployment environment.
--- /dev/null
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. Copyright 2020, Samsung Electronics
+
+.. Links
+.. _HELM Best Practices Guide: https://docs.helm.sh/chart_best_practices/#requirements
+.. _kubectl Cheat Sheet: https://kubernetes.io/docs/reference/kubectl/cheatsheet/
+.. _Kubernetes documentation for emptyDir: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir
+.. _metallb Metal Load Balancer installation: https://metallb.universe.tf/installation/
+.. _http://cd.onap.info:30223/mso/logging/debug: http://cd.onap.info:30223/mso/logging/debug
+.. _Onboarding and Distributing a Vendor Software Product: https://wiki.onap.org/pages/viewpage.action?pageId=1018474
+.. _README.md: https://gerrit.onap.org/r/gitweb?p=oom.git;a=blob;f=kubernetes/README.md
+
+.. figure:: oomLogoV2-medium.png
+ :align: right
+
+.. _onap-on-kubernetes-with-rancher:
+
+
+Ingress controller setup on HA Kubernetes Cluster
+#################################################
+
+This guide provides instruction how to setup experimental ingress controller feature.
+For this, we are hosting our cluster on OpenStack VMs and using the Rancher Kubernetes Engine (RKE)
+to deploy and manage our Kubernetes Cluster and ingress controller
+
+.. contents::
+ :depth: 1
+ :local:
+..
+
+The result at the end of this tutorial will be:
+
+#. Customization of the cluster.yaml file for ingress controller support
+
+#. Installation and configuration test DNS server for ingress host resolution on testing machines
+
+#. Instalation and configuration MLB (Metal Load Balancer) required for exposing ingress service
+
+#. Instalation and configuration NGINX ingress controller
+
+#. Additional info howto deploy onap with services exposed via Ingress controller
+
+Customize cluster.yml file
+===========================
+Before setup cluster for ingress purposes DNS cluster IP and ingress provider should be configured and follwing:
+
+.. code-block:: yaml
+ <...>
+ restore:
+ restore: false
+ snapshot_name: ""
+ ingress:
+ provider: none
+ dns:
+ provider: coredns
+ upstreamnameservers:
+ - <custer_dns_ip>:31555
+
+Where the <cluster_dns_ip> should be set to the same IP as the CONTROLPANE node.
+
+For external load balacer purposes minimum one of the worker node should be configured with external IP
+address accessible outside the cluster. It can be done using the following example node configuration:
+
+.. code-block:: yaml
+ <...>
+ - address: <external_ip>
+ internal_address: <internal_ip>
+ port: "22"
+ role:
+ - worker
+ hostname_override: "onap-worker-0"
+ user: ubuntu
+ ssh_key_path: "~/.ssh/id_rsa"
+ <...>
+
+Where the <external_ip> is external worker node IP address, and <internal_ip> is internal node IP address if it is required
+
+
+
+DNS server configuration and instalation
+========================
+DNS server deployed on the Kubernetes cluster makes it easy to use services exposed through ingress controller because it
+resolves all subdomain related to the onap cluster to the load balancer IP.
+Testing ONAP cluster requires a lot of entries on the target machines in the /etc/hosts.
+Adding many entries into the configuration files on testing machines is quite problematic and error prone.
+The better wait is to create central DNS server with entries for all virtual host pointed to simpledemo.onap.org and add custom DNS server as a target DNS server for testing machines and/or as external DNS for kubernetes cluster.
+
+DNS server has automatic instalation and configuration script, so instalation is quite easy::
+
+ > cd kubernetes/contrib/dns-server-for-vhost-ingress-testing
+
+ > ./deploy\_dns.sh
+
+After DNS deploy you need to setup DNS entry on the target testing machine.
+Because DNS listen on non standard port configuration require iptables rules
+on the target machine. Please follow the configuation proposed by the deploy scripts
+Example output depends on the IP address and example output looks like bellow::
+
+
+ DNS server already deployed:
+ 1. You can add the DNS server to the target machine using following commands:
+ sudo iptables -t nat -A OUTPUT -p tcp -d 192.168.211.211 --dport 53 -j DNAT --to-destination 10.10.13.14:31555
+ sudo iptables -t nat -A OUTPUT -p udp -d 192.168.211.211 --dport 53 -j DNAT --to-destination 10.10.13.14:31555
+ sudo sysctl -w net.ipv4.conf.all.route_localnet=1
+ sudo sysctl -w net.ipv4.ip_forward=1
+ 2. Update /etc/resolv.conf file with nameserver 192.168.211.211 entry on your target machine
+
+
+MetalLB Load Balancer instalation and configuration
+====================================================
+
+By default pure Kubernetes cluster requires external load balancer if we want to expose
+external port using LoadBalancer settings. For this purpose MetalLB can be used.
+Before installing the MetalLB you need to ensure that at least one worker has assigned IP acessible outside the cluster.
+
+MetalLB Load balanancer can be easily installed using automatic install script::
+
+ > cd kubernetes/contrib/metallb-loadbalancer-inst
+
+ > ./install-metallb-on-cluster.sh
+
+
+Configuration NGINX ingress controller
+=======================================
+
+After installation DNS server and ingress controller we can install and configure ingress controller.
+It can be done using the following commands::
+
+ > cd kubernetes/contrib/ingress-nginx-post-inst
+
+ > kubectl apply -f nginx_ingress_cluster_config.yaml
+
+ > kubectl apply -f nginx_ingress_enable_optional_load_balacer_service.yaml
+
+After deploy NGINX ingress controller you can ensure that the ingress port is exposed as load balancer service
+with external IP address::
+
+ > kubectl get svc -n ingress-nginx
+ NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
+ default-http-backend ClusterIP 10.10.10.10 <none> 80/TCP 25h
+ ingress-nginx LoadBalancer 10.10.10.11 10.12.13.14 80:31308/TCP,443:30314/TCP 24h
+
+
+ONAP with ingress exposed services
+=====================================
+If you want to deploy onap with services exposed through ingress controller you can use full onap deploy script::
+ > onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml
+
+Ingress also can be enabled on any onap setup override using following code:
+
+.. code-block:: yaml
+ <...>
+ #ingress virtualhost based configuration
+ global:
+ <...>
+ ingress:
+ enabled: true
+
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- replicas: {{ .Values.global.aaf.cass.replicas }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- name: fix-permission
args:
- -c
- |
- chmod -R 775 /opt/app/aaf/status
chown -R 1000:1000 /opt/app/aaf/status
- chmod -R 775 /var/lib/cassandra
chown -R 1000:1000 /var/lib/cassandra
image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- - mountPath: /opt/app/aaf/status
- name: aaf-status-vol
- mountPath: /var/lib/cassandra
name: aaf-cass-vol
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 30m
+ memory: 100Mi
containers:
- name: {{ include "common.name" . }}
- image: {{ .Values.global.repository }}/{{.Values.global.aaf.cass.image}}
+ image: {{ include "common.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
# installing with cmd "onap" will not only initialize the DB, but add ONAP bootstrap data as well
command: ["/bin/bash","/opt/app/aaf/cass_init/cmd.sh","onap"]
- lifecycle:
- preStop:
- exec:
- command: ["/bin/sh","-c","rm /opt/app/aaf/status/aaf-cass"]
- ports:
- - name: storage
- containerPort: {{.Values.global.aaf.cass.storage_port}}
- - name: ssl-storage
- containerPort: {{.Values.global.aaf.cass.ssl_storage_port}}
- - name: native-trans
- containerPort: {{.Values.global.aaf.cass.native_trans_port}}
- - name: rpc
- containerPort: {{.Values.global.aaf.cass.rpc_port}}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
env:
- name: CASSANDRA_CLUSTER_NAME
- value: {{.Values.global.aaf.cass.cluster_name}}
+ value: {{ .Values.config.cluster_name }}
- name: CASSANDRA_DC
- value: {{.Values.global.aaf.cass.dc}}
+ value: {{ .Values.config.dc }}
- name: CQLSH
value: "/opt/cassandra/bin/cqlsh"
- name: HEAP_NEWSIZE
- value: {{.Values.global.aaf.cass.heap_new_size}}
+ value: {{ .Values.config.heap_new_size }}
- name: MAX_HEAP_SIZE
- value: {{.Values.global.aaf.cass.max_heap_size}}
+ value: {{ .Values.config.max_heap_size }}
- name: MY_POD_NAME
valueFrom:
fieldRef:
volumeMounts:
- mountPath: /var/lib/cassandra
name: aaf-cass-vol
- - mountPath: /opt/app/aaf/status
- name: aaf-status-vol
- mountPath: /etc/localtime
name: localtime
readOnly: true
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{.Values.global.aaf.cass.native_trans_port}}
+ port: tcp-cql
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
tcpSocket:
- port: {{.Values.global.aaf.cass.native_trans_port}}
+ port: tcp-cql
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources:
-{{ include "common.resources" . | indent 10 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
+ affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
volumes:
- name: localtime
hostPath:
path: /etc/localtime
- - name: aaf-status-vol
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-status
- name: aaf-cass-vol
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}-data
+ claimName: {{ include "common.fullname" . }}
{{- else }}
emptyDir: {}
{{- end }}
{{/*
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
*/}}
-{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) }}
-{{- if eq "True" (include "common.needPV" .) }}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-data
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: {{ include "common.release" . }}
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.persistence.size}}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
- storageClassName: "{{ include "common.fullname" . }}-data"
-{{- end -}}
-{{- end -}}
+{{ include "common.PV" . }}
{{/*
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
*/}}
-{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" .}}-data
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
- storageClassName: {{ include "common.storageClass" . }}
-{{- end -}}
+{{ include "common.PVC" . }}
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-# annotations:
-# service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
-spec:
- type: {{ .Values.service.type }}
- ports:
- - name: storage
- protocol: TCP
- port: {{.Values.global.aaf.cass.storage_port}}
- containerPort: {{.Values.global.aaf.cass.storage_port}}
- - name: ssl-storage
- protocol: TCP
- port: {{.Values.global.aaf.cass.ssl_storage_port}}
- containerPort: {{.Values.global.aaf.cass.ssl_storage_port}}
- - name: native-trans
- protocol: TCP
- port: {{.Values.global.aaf.cass.native_trans_port}}
- containerPort: {{.Values.global.aaf.cass.native_trans_port}}
- - name: rpc
- protocol: TCP
- port: {{.Values.global.aaf.cass.rpc_port}}
- containerPort: {{.Values.global.aaf.cass.rpc_port}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- clusterIP: None
+{{ include "common.service" . }}
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications © 2020 AT&T
+# Modifications © 2020 AT&T, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Application configuration defaults.
#################################################################
# application configuration
-config: {}
+replicaCount: 1
nodeSelector: {}
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
+ port: tcp-cql
+
+image: onap/aaf/aaf_cass:2.1.20
+
+config:
+ cluster_name: osaaf
+ heap_new_size: 512M
+ max_heap_size: 1024M
+ dc: dc1
readiness:
initialDelaySeconds: 5
service:
name: aaf-cass
type: ClusterIP
- portName: aaf-cass
- #targetPort
- internalPort: 7000
- #port
- externalPort: 7000
-
- internalPort2: 7001
- externalPort2: 7001
- internalPort3: 9042
- externalPort3: 9042
- internalPort4: 9160
- externalPort4: 9160
+ ports:
+ - name: tcp-intra
+ port: 7000
+ - name: tls
+ port: 7001
+ - name: tcp-cql
+ port: 9042
+ - name: tcp-thrift
+ port: 9160
ingress:
enabled: false
# Configure resource requests and limits
resources:
- small:
- limits:
- cpu: 2100m
- memory: 1792Mi
- requests:
- cpu: 30m
- memory: 1280Mi
- large:
- limits:
- cpu: 4
- memory: 12000Mi
- requests:
- cpu: 40m
- memory: 9000Mi
- unlimited: {}
+ small:
+ limits:
+ cpu: 2100m
+ memory: 1792Mi
+ requests:
+ cpu: 30m
+ memory: 1280Mi
+ large:
+ limits:
+ cpu: 4
+ memory: 12000Mi
+ requests:
+ cpu: 40m
+ memory: 9000Mi
+ unlimited: {}
persistence:
enabled: true
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
-spec:
- replicas: {{ .Values.global.aaf.cm.replicas }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: fix-permission
- command:
- - /bin/sh
- args:
- - -c
- - |
- chmod -R 775 /opt/app/aaf/status
- chown -R 1000:1000 /opt/app/aaf/status
- chmod -R 775 /opt/app/osaaf
- chown -R 1000:1000 /opt/app/osaaf
- image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /opt/app/aaf/status
- name: aaf-status-vol
- - mountPath: /opt/app/osaaf
- name: aaf-config-vol
- - name: {{ include "common.name" . }}-config-container
- image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service aaf-locate remove && bin/agent.sh"]
- volumeMounts:
- - mountPath: "/opt/app/osaaf"
- name: aaf-config-vol
- - mountPath: "/opt/app/aaf/status"
- name: aaf-status-vol
- env:
- - name: aaf_env
- value: "{{ .Values.global.aaf.aaf_env }}"
- - name: cadi_latitude
- value: "{{ .Values.global.aaf.cadi_latitude }}"
- - name: cadi_longitude
- value: "{{ .Values.global.aaf.cadi_longitude }}"
- - name: cadi_x509_issuers
- value: "{{ .Values.global.aaf.cadi_x509_issuers }}"
- - name: aaf_locate_url
- value: "https://aaf-locate.{{ .Release.Namespace}}:{{.Values.global.aaf.locate.internal_port}}"
- - name: aaf_locator_container
- value: "oom"
- - name: aaf_release
- value: "{{ .Values.global.aaf.aaf_release }}"
- - name: aaf_locator_container_ns
- value: "{{ .Release.Namespace }}"
- - name: aaf_locator_public_fqdn
- value: "{{.Values.global.aaf.public_fqdn}}"
- - name: aaf_locator_name
- value: "{{.Values.global.aaf.aaf_locator_name}}"
- - name: aaf_locator_name_oom
- value: "{{.Values.global.aaf.aaf_locator_name_oom}}"
- - name: cm_always_ignore_ips
- value: "true"
- - name: CASSANDRA_CLUSTER
- value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}"
-# - name: CASSANDRA_USER
-# value: ""
-# - name: CASSANDRA_PASSWORD
-# value: ""
-# - name: CASSANDRA_PORT
-# value: ""
- containers:
- - name: {{ include "common.name" . }}
- command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-cm aaf-locate && exec bin/cm"]
- image: {{ .Values.global.repository }}/{{.Values.global.aaf.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: "/opt/app/osaaf"
- name: aaf-config-vol
- - mountPath: "/opt/app/aaf/status"
- name: aaf-status-vol
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.global.aaf.cm.internal_port }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.global.aaf.cm.internal_port }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: aaf-status-vol
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-status
- - name: aaf-config-vol
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-config
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{ include "aaf.deployment" . }}
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs, Orange
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- ports:
- - port: {{ .Values.global.aaf.cm.internal_port }}
- nodePort: {{ .Values.global.aaf.cm.public_port }}
- name: aaf-cm
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- type: "NodePort"
+{{ include "common.service" . }}
# Application configuration defaults.
#################################################################
# application image
+replicaCount: 1
+
+binary: cm
+
+sequence_order:
+ - service
+ - locate
nodeSelector: {}
# probe configuration parameters
liveness:
- initialDelaySeconds: 120
+ initialDelaySeconds: 30
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
+ port: api
readiness:
initialDelaySeconds: 5
periodSeconds: 10
+ port: api
service:
name: aaf-cm
type: ClusterIP
- portName: aaf-cm
- #targetPort
- internalPort: 8150
- #port
- externalPort: 8150
+ ports:
+ - name: api
+ protocol: http
+ port: 8150
ingress:
enabled: false
# Configure resource requests and limits
resources:
- small:
- limits:
- cpu: 400m
- memory: 300Mi
- requests:
- cpu: 1m
- memory: 200Mi
- large:
- limits:
- cpu: 400m
- memory: 1Gi
- requests:
- cpu: 40m
- memory: 600Mi
- unlimited: {}
+ small:
+ limits:
+ cpu: 400m
+ memory: 300Mi
+ requests:
+ cpu: 1m
+ memory: 200Mi
+ large:
+ limits:
+ cpu: 400m
+ memory: 1Gi
+ requests:
+ cpu: 40m
+ memory: 600Mi
+ unlimited: {}
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs, Orange
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
-spec:
- replicas: {{ .Values.global.aaf.fs.replicas }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: fix-permission
- command:
- - /bin/sh
- args:
- - -c
- - |
- chmod -R 775 /opt/app/aaf/status
- chown -R 1000:1000 /opt/app/aaf/status
- chmod -R 775 /opt/app/osaaf
- chown -R 1000:1000 /opt/app/osaaf
- image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /opt/app/osaaf
- name: aaf-config-vol
- - mountPath: /opt/app/aaf/status
- name: aaf-status-vol
- - name: {{ include "common.name" . }}-config-container
- image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service aaf-locate remove && bin/agent.sh"]
- volumeMounts:
- - mountPath: "/opt/app/osaaf"
- name: aaf-config-vol
- - mountPath: "/opt/app/aaf/status"
- name: aaf-status-vol
- env:
- - name: aaf_env
- value: "{{ .Values.global.aaf.aaf_env }}"
- - name: cadi_latitude
- value: "{{ .Values.global.aaf.cadi_latitude }}"
- - name: cadi_longitude
- value: "{{ .Values.global.aaf.cadi_longitude }}"
- - name: cadi_x509_issuers
- value: "{{ .Values.global.aaf.cadi_x509_issuers }}"
- - name: aaf_locate_url
- value: "https://aaf-locate.{{ .Release.Namespace}}:{{.Values.global.aaf.locate.internal_port}}"
- - name: aaf_locator_container
- value: "oom"
- - name: aaf_release
- value: "{{ .Values.global.aaf.aaf_release }}"
- - name: aaf_locator_container_ns
- value: "{{ .Release.Namespace }}"
- - name: aaf_locator_public_fqdn
- value: "{{.Values.global.aaf.public_fqdn}}"
- - name: aaf_locator_name
- value: "{{.Values.global.aaf.aaf_locator_name}}"
- - name: aaf_locator_name_oom
- value: "{{.Values.global.aaf.aaf_locator_name_oom}}"
- - name: cm_always_ignore_ips
- value: "true"
- - name: CASSANDRA_CLUSTER
- value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}"
-# - name: CASSANDRA_USER
-# value: ""
-# - name: CASSANDRA_PASSWORD
-# value: ""
-# - name: CASSANDRA_PORT
-# value: ""
- containers:
- - name: {{ include "common.name" . }}
- command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-fs aaf-locate && exec bin/fs"]
- image: {{ .Values.global.repository }}/{{.Values.global.aaf.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: "/opt/app/osaaf"
- name: aaf-config-vol
- - mountPath: "/opt/app/aaf/status"
- name: aaf-status-vol
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: aaf-status-vol
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-status
- - name: aaf-config-vol
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-config
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{ include "aaf.deployment" . }}
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs, Orange
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- ports:
- - port: {{ .Values.global.aaf.fs.internal_port }}
- nodePort: {{ .Values.global.aaf.fs.public_port }}
- name: aaf-hello
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- type: "NodePort"
+{{ include "common.service" . }}
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications © 2020 AT&T
+# Modifications © 2020 AT&T, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# application image
pullPolicy: Always
+replicaCount: 1
+
+binary: fs
+
+sequence_order:
+ - service
+ - locate
nodeSelector: {}
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
+ port: api
readiness:
initialDelaySeconds: 5
periodSeconds: 10
+ port: api
service:
name: aaf-fs
type: ClusterIP
- portName: aaf-fs
- #targetPort
- internalPort: 8096
- #port
- externalPort: 8096
+ ports:
+ - name: api
+ port: 8096
+ protocol: http
ingress:
enabled: false
# Configure resource requests and limits
resources:
- small:
- limits:
- cpu: 200m
- memory: 110Mi
- requests:
- cpu: 1m
- memory: 80Mi
- large:
- limits:
- cpu: 500m
- memory: 700Mi
- requests:
- cpu: 100m
- memory: 400Mi
- unlimited: {}
+ small:
+ limits:
+ cpu: 200m
+ memory: 110Mi
+ requests:
+ cpu: 1m
+ memory: 80Mi
+ large:
+ limits:
+ cpu: 500m
+ memory: 700Mi
+ requests:
+ cpu: 100m
+ memory: 400Mi
+ unlimited: {}
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs, Orange
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
-spec:
- replicas: {{ .Values.global.aaf.gui.replicas }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: fix-permission
- command:
- - /bin/sh
- args:
- - -c
- - |
- chmod -R 775 /opt/app/aaf/status
- chown -R 1000:1000 /opt/app/aaf/status
- chmod -R 775 /opt/app/osaaf
- chown -R 1000:1000 /opt/app/osaaf
- image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /opt/app/osaaf
- name: aaf-config-vol
- - mountPath: /opt/app/aaf/status
- name: aaf-status-vol
- - name: {{ include "common.name" . }}-config-container
- image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service aaf-locate remove && bin/agent.sh"]
- volumeMounts:
- - mountPath: "/opt/app/osaaf"
- name: aaf-config-vol
- - mountPath: "/opt/app/aaf/status"
- name: aaf-status-vol
- env:
- - name: aaf_env
- value: "{{ .Values.global.aaf.aaf_env }}"
- - name: cadi_latitude
- value: "{{ .Values.global.aaf.cadi_latitude }}"
- - name: cadi_longitude
- value: "{{ .Values.global.aaf.cadi_longitude }}"
- - name: cadi_x509_issuers
- value: "{{ .Values.global.aaf.cadi_x509_issuers }}"
- - name: aaf_locate_url
- value: "https://aaf-locate.{{ .Release.Namespace}}:{{.Values.global.aaf.locate.internal_port}}"
- - name: aaf_locator_container
- value: "oom"
- - name: aaf_release
- value: "{{ .Values.global.aaf.aaf_release }}"
- - name: aaf_locator_container_ns
- value: "{{ .Release.Namespace }}"
- - name: aaf_locator_public_fqdn
- value: "{{.Values.global.aaf.public_fqdn}}"
- - name: aaf_locator_name
- value: "{{.Values.global.aaf.aaf_locator_name}}"
- - name: aaf_locator_name_oom
- value: "{{.Values.global.aaf.aaf_locator_name_oom}}"
- - name: cm_always_ignore_ips
- value: "true"
- - name: CASSANDRA_CLUSTER
- value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}"
-# - name: CASSANDRA_USER
-# value: ""
-# - name: CASSANDRA_PASSWORD
-# value: ""
-# - name: CASSANDRA_PORT
-# value: ""
- containers:
- - name: {{ include "common.name" . }}
- command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-gui aaf-locate && exec bin/gui"]
- image: {{ .Values.global.repository }}/{{.Values.global.aaf.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: "/opt/app/osaaf"
- name: aaf-config-vol
- - mountPath: "/opt/app/aaf/status"
- name: aaf-status-vol
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.global.aaf.gui.internal_port }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.global.aaf.gui.internal_port }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: aaf-status-vol
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-status
- - name: aaf-config-vol
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-config
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{ include "aaf.deployment" . }}
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs, Orange
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- ports:
- - port: {{ .Values.global.aaf.gui.internal_port }}
- nodePort: {{ .Values.global.aaf.gui.public_port }}
- name: aaf-gui
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- type: "NodePort"
+{{ include "common.service" . }}
# application image
pullPolicy: Always
+replicaCount: 1
+
+binary: gui
+
+sequence_order:
+ - service
+ - locate
nodeSelector: {}
# probe configuration parameters
liveness:
- initialDelaySeconds: 120
+ initialDelaySeconds: 30
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
+ port: gui
readiness:
initialDelaySeconds: 5
periodSeconds: 10
+ port: gui
service:
name: aaf-gui
type: NodePort
- portName: aaf-gui
- #targetPort
- internalPort: 8200
- #port
- externalPort: 8200
- nodePort: 51
+ ports:
+ - name: gui
+ protocol: http
+ port: 8200
+ nodePort: 51
ingress:
enabled: false
# Configure resource requests and limits
resources:
- small:
- limits:
- cpu: 200m
- memory: 280Mi
- requests:
- cpu: 1m
- memory: 170Mi
- large:
- limits:
- cpu: 200m
- memory: 1Gi
- requests:
- cpu: 100m
- memory: 500Mi
- unlimited: {}
+ small:
+ limits:
+ cpu: 200m
+ memory: 280Mi
+ requests:
+ cpu: 1m
+ memory: 170Mi
+ large:
+ limits:
+ cpu: 200m
+ memory: 1Gi
+ requests:
+ cpu: 100m
+ memory: 500Mi
+ unlimited: {}
+++ /dev/null
-{{- if ne 0 (int .Values.global.aaf.hello.replicas) }}
-{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) -}}
-#########
-## ============LICENSE_START====================================================
-## org.onap.aaf
-## ===========================================================================
-## Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
-## ===========================================================================
-## Licensed under the Apache License, Version 2.0 (the "License");
-## you may not use this file except in compliance with the License.
-## You may obtain a copy of the License at
-##
-## http://www.apache.org/licenses/LICENSE-2.0
-##
-## Unless required by applicable law or agreed to in writing, software
-## distributed under the License is distributed on an "AS IS" BASIS,
-## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-## See the License for the specific language governing permissions and
-## limitations under the License.
-## ============LICENSE_END====================================================
-##
-
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.release" . }}-aaf-hello-pv
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ .Chart.Name }}-hello
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: {{ include "common.release" . }}
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.persistence.size}}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
- storageClassName: "{{ include "common.fullname" . }}-data"
-{{- end -}}
-{{- end -}}
-{{- end -}}
+++ /dev/null
-{{- if ne 0 (int .Values.global.aaf.hello.replicas) }}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-#########
-## ============LICENSE_START====================================================
-## org.onap.aaf
-## ===========================================================================
-## Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
-## ===========================================================================
-## Licensed under the Apache License, Version 2.0 (the "License");
-## you may not use this file except in compliance with the License.
-## You may obtain a copy of the License at
-##
-## http://www.apache.org/licenses/LICENSE-2.0
-##
-## Unless required by applicable law or agreed to in writing, software
-## distributed under the License is distributed on an "AS IS" BASIS,
-## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-## See the License for the specific language governing permissions and
-## limitations under the License.
-## ============LICENSE_END====================================================
-##
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.release" . }}-aaf-hello-pvc
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.config.accessMode }}
- resources:
- requests:
- storage: {{ .Values.persistence.config.size }}
- storageClassName: {{ include "common.storageClass" . }}
-{{- end -}}
-{{- end -}}
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
-metadata:
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- replicas: {{ .Values.global.aaf.hello.replicas }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: aaf-hello-vol
- {{- if and .Values.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-hello-pvc
- {{- else }}
- emptyDir: {}
- {{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- initContainers:
- - name: fix-permission
- command: ["/bin/sh","-c","chmod -R 775 /opt/app/osaaf/local && chown -R 1000:1000 /opt/app/osaaf"]
- image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: "/opt/app/osaaf/local"
- name: aaf-hello-vol
- - name: {{ include "common.name" . }}-config-container
- image: {{ .Values.global.repository }}/{{.Values.aaf_init.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["bash","-c","cd /opt/app/aaf_config && bin/agent.sh"]
-# command: ["bash","-c","cd /opt/app/aaf_config && echo Sleeping && sleep 480"]
-# command: ["bash","-c","chown 1000:1000 /opt/app/osaaf && cd /opt/app/aaf_config && sleep 480"]
- volumeMounts:
- - mountPath: "/opt/app/osaaf/local"
- name: aaf-hello-vol
- env:
- - name: APP_FQI
- value: "{{ .Values.aaf_init.fqi }}"
- - name: aaf_locate_url
- value: "https://aaf-locate.{{ .Release.Namespace}}:{{.Values.global.aaf.locate.internal_port}}"
- - name: aaf_locator_container
- value: "oom"
- - name: aaf_locator_container_ns
- value: "{{ .Release.Namespace }}"
-# This should the APP's FQDN to be put in Locator
-# This MUST match what is entered for AAF Certificate Artifacts
- - name: aaf_locator_fqdn
- value: "{{.Values.aaf_init.fqdn}}"
-# Hello specific. Clients don't don't need this, unless Registering with AAF Locator
-# This should be the APP's PUBLIC FQDN, if applicable
- - name: aaf_locator_public_fqdn
- value: "{{.Values.aaf_init.locator_public_fqdn}}"
- - name: LATITUDE
- value: "{{ .Values.aaf_init.cadi_latitude }}"
- - name: LONGITUDE
- value: "{{ .Values.aaf_init.cadi_longitude }}"
-# Note: We want to put this in Secrets or at LEAST ConfigMaps
- - name: "DEPLOY_FQI"
- value: "deployer@people.osaaf.org"
-# Note: want to put this on Nodes, evenutally
- - name: "DEPLOY_PASSWORD"
- value: "demo123456!"
+ initContainers: {{ include "common.aaf-config" (dict "aafRoot" .Values.aaf_init "dot" .) | nindent 6 }}
# CONTAINER Definition
containers:
- name: {{ include "common.name" . }}
command: ["bash","-c","cd /opt/app/aaf && if [ ! -d /opt/app/osaaf/etc ]; then cp -Rf etc logs /opt/app/osaaf; fi && exec bin/hello"]
- image: {{ .Values.global.repository }}/{{.Values.service.image }}
+ image: {{ .Values.global.repository }}/{{.Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: "/opt/app/osaaf/local"
- name: aaf-hello-vol
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
+ volumeMounts: {{ include "common.aaf-config-volume-mountpath" . | nindent 8 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ .Values.service.port }}
+ port: {{ .Values.liveness.port }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
+ {{- end }}
readinessProbe:
tcpSocket:
- port: {{ .Values.service.port }}
+ port: {{ .Values.readiness.port }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
+ affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
+ volumes: {{ include "common.aaf-config-volumes" (dict "aafRoot" .Values.aaf_init "dot" .) | nindent 6 }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- ports:
- - port: {{ .Values.service.port }}
- nodePort: {{ .Values.service.public_port }}
- name: aaf-hello
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- type: "NodePort"
+{{ include "common.service" . }}
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+global:
+ aafEnabled: true
flavor: small
aaf_init:
# You might want this in your own app. For AAF, we store in global
# replicas: 1
- image: onap/aaf/aaf_agent:2.1.20
- fqi: "aaf@aaf.osaaf.org"
+ fqi: aaf@aaf.osaaf.org
# This MUST match what is put in AAF's "Artifact" for Certificates
- fqdn: "aaf-hello"
+ fqdn: aaf-hello
# What is put in Locator for External Access
- locator_public_fqdn: "aaf.osaaf.org"
- app_ns: "org.osaaf.aaf"
- deploy_fqi: "deployer@people.osaaf.org"
+ public_fqdn: aaf.osaaf.org
cadi_latitude: "38.0"
cadi_longitude: "-72.0"
+ credsPath: /opt/app/osaaf/local
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ secret_uid: &aaf_secret_uid nbi-aaf-deploy-creds
+ permission_user: 1000
+ permission_group: 999
-service:
- image: onap/aaf/aaf_hello:2.1.20
- port: "8130"
- public_port: "31119"
+replicaCount: 0
-persistence:
- enabled: false
- #existingClaim:
- # You will want "Reatan" in non-Hello Example.
- volumeReclaimPolicy: Delete
- accessMode: ReadWriteMany
- size: 40M
- mountPath: /dockerdata-nfs
- mountSubPath: aaf/hello
+image: onap/aaf/aaf_hello:2.1.20
+
+service:
+ name: aaf-hello
+ type: ClusterIP
+ ports:
+ - name: api
+ protocol: http
+ port: 8130
nodeSelector: {}
affinity: {}
+secrets:
+ - uid: *aaf_secret_uid
+ type: basicAuth
+ externalSecret: '{{ ternary (tpl (default "" .Values.aaf_init.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}'
+ login: '{{ .Values.aaf_init.aafDeployFqi }}'
+ password: '{{ .Values.aaf_init.aafDeployPass }}'
+ passwordPolicy: required
+
# probe configuration parameters
liveness:
- initialDelaySeconds: 120
+ initialDelaySeconds: 30
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
+ port: api
readiness:
initialDelaySeconds: 5
periodSeconds: 10
+ port: api
ingress:
enabled: false
# Configure resource requests and limits
resources:
- small:
- limits:
- cpu: 200m
- memory: 500Mi
- requests:
- cpu: 10m
- memory: 200Mi
- large:
- limits:
- cpu: 400m
- memory: 1Gi
- requests:
- cpu: 20m
- memory: 500Mi
- unlimited: {}
+ small:
+ limits:
+ cpu: 200m
+ memory: 500Mi
+ requests:
+ cpu: 10m
+ memory: 200Mi
+ large:
+ limits:
+ cpu: 400m
+ memory: 1Gi
+ requests:
+ cpu: 20m
+ memory: 500Mi
+ unlimited: {}
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
-spec:
- replicas: {{ .Values.global.aaf.locate.replicas }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: fix-permission
- command:
- - /bin/sh
- args:
- - -c
- - |
- chmod -R 775 /opt/app/aaf/status
- chown -R 1000:1000 /opt/app/aaf/status
- chmod -R 775 /opt/app/osaaf
- chown -R 1000:1000 /opt/app/osaaf
- image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /opt/app/aaf/status
- name: aaf-status-vol
- - mountPath: /opt/app/osaaf
- name: aaf-config-vol
- - name: {{ include "common.name" . }}-config-container
- image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service remove && bin/agent.sh"]
- volumeMounts:
- - mountPath: "/opt/app/osaaf"
- name: aaf-config-vol
- - mountPath: "/opt/app/aaf/status"
- name: aaf-status-vol
- env:
- - name: aaf_env
- value: "{{ .Values.global.aaf.aaf_env }}"
- - name: cadi_latitude
- value: "{{ .Values.global.aaf.cadi_latitude }}"
- - name: cadi_longitude
- value: "{{ .Values.global.aaf.cadi_longitude }}"
- - name: cadi_x509_issuers
- value: "{{ .Values.global.aaf.cadi_x509_issuers }}"
- - name: aaf_locate_url
- value: "https://aaf-locate.{{ .Release.Namespace}}:{{.Values.global.aaf.locate.internal_port}}"
- - name: aaf_locator_container
- value: "oom"
- - name: aaf_release
- value: "{{ .Values.global.aaf.aaf_release }}"
- - name: aaf_locator_container_ns
- value: "{{ .Release.Namespace }}"
- - name: aaf_locator_public_fqdn
- value: "{{.Values.global.aaf.public_fqdn}}"
- - name: aaf_locator_name
- value: "{{.Values.global.aaf.aaf_locator_name}}"
- - name: aaf_locator_name_oom
- value: "{{.Values.global.aaf.aaf_locator_name_oom}}"
- - name: cm_always_ignore_ips
- value: "true"
- - name: CASSANDRA_CLUSTER
- value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}"
-# - name: CASSANDRA_USER
-# value: ""
-# - name: CASSANDRA_PASSWORD
-# value: ""
-# - name: CASSANDRA_PORT
-# value: ""
- containers:
- - name: {{ include "common.name" . }}
- command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-locate aaf-service && exec bin/locate"]
- image: {{ .Values.global.repository }}/{{.Values.global.aaf.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: "/opt/app/osaaf"
- name: aaf-config-vol
- - mountPath: "/opt/app/aaf/status"
- name: aaf-status-vol
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.global.aaf.locate.internal_port }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.global.aaf.locate.internal_port }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: aaf-status-vol
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-status
- - name: aaf-config-vol
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-config
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{ include "aaf.deployment" . }}
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs, Orange
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- ports:
- - port: {{ .Values.global.aaf.locate.internal_port }}
- nodePort: {{ .Values.global.aaf.locate.public_port }}
- name: aaf-locate
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- type: "NodePort"
+{{ include "common.service" . }}
# Application configuration defaults.
#################################################################
# application image
+replicaCount: 1
+
+binary: locate
+
+sequence_order:
+ - service
nodeSelector: {}
# probe configuration parameters
liveness:
- initialDelaySeconds: 120
+ initialDelaySeconds: 30
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
+ port: api
readiness:
initialDelaySeconds: 5
periodSeconds: 10
+ port: api
service:
name: aaf-locate
type: ClusterIP
- portName: aaf-locate
- #targetPort
- internalPort: 8095
- #port
- externalPort: 31111
+ ports:
+ - name: api
+ protocol: http
+ port: 8095
ingress:
enabled: false
# Configure resource requests and limits
resources:
- small:
- limits:
- cpu: 100m
- memory: 320Mi
- requests:
- cpu: 1m
- memory: 210Mi
- large:
- limits:
- cpu: 400m
- memory: 1Gi
- requests:
- cpu: 40m
- memory: 500Mi
- unlimited: {}
+ small:
+ limits:
+ cpu: 100m
+ memory: 320Mi
+ requests:
+ cpu: 1m
+ memory: 210Mi
+ large:
+ limits:
+ cpu: 400m
+ memory: 1Gi
+ requests:
+ cpu: 40m
+ memory: 500Mi
+ unlimited: {}
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
-spec:
- replicas: {{ .Values.global.aaf.oauth.replicas }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: fix-permission
- command:
- - /bin/sh
- args:
- - -c
- - |
- chmod -R 775 /opt/app/aaf/status
- chown -R 1000:1000 /opt/app/aaf/status
- chmod -R 775 /opt/app/osaaf
- chown -R 1000:1000 /opt/app/osaaf
- image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /opt/app/aaf/status
- name: aaf-status-vol
- - mountPath: /opt/app/osaaf
- name: aaf-config-vol
- - name: {{ include "common.name" . }}-config-container
- image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service remove && bin/agent.sh"]
- volumeMounts:
- - mountPath: "/opt/app/osaaf"
- name: aaf-config-vol
- - mountPath: "/opt/app/aaf/status"
- name: aaf-status-vol
- env:
- - name: aaf_env
- value: "{{ .Values.global.aaf.aaf_env }}"
- - name: cadi_latitude
- value: "{{ .Values.global.aaf.cadi_latitude }}"
- - name: cadi_longitude
- value: "{{ .Values.global.aaf.cadi_longitude }}"
- - name: cadi_x509_issuers
- value: "{{ .Values.global.aaf.cadi_x509_issuers }}"
- - name: aaf_locate_url
- value: "https://aaf-locate.{{ .Release.Namespace}}:{{.Values.global.aaf.locate.internal_port}}"
- - name: aaf_locator_container
- value: "oom"
- - name: aaf_release
- value: "{{ .Values.global.aaf.aaf_release }}"
- - name: aaf_locator_container_ns
- value: "{{ .Release.Namespace }}"
- - name: aaf_locator_public_fqdn
- value: "{{.Values.global.aaf.public_fqdn}}"
- - name: aaf_locator_name
- value: "{{.Values.global.aaf.aaf_locator_name}}"
- - name: aaf_locator_name_oom
- value: "{{.Values.global.aaf.aaf_locator_name_oom}}"
- - name: cm_always_ignore_ips
- value: "true"
- - name: CASSANDRA_CLUSTER
- value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}"
-# - name: CASSANDRA_USER
-# value: ""
-# - name: CASSANDRA_PASSWORD
-# value: ""
-# - name: CASSANDRA_PORT
-# value: ""
- containers:
- - name: {{ include "common.name" . }}
- command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-oauth aaf-service && exec bin/oauth"]
- image: {{ .Values.global.repository }}/{{.Values.global.aaf.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: "/opt/app/osaaf"
- name: aaf-config-vol
- - mountPath: "/opt/app/aaf/status"
- name: aaf-status-vol
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.global.aaf.oauth.internal_port }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.global.aaf.oauth.internal_port }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: aaf-status-vol
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-status
- - name: aaf-config-vol
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-config
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{ include "aaf.deployment" . }}
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs, Orange
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- ports:
- - port: {{ .Values.global.aaf.oauth.internal_port }}
- nodePort: {{ .Values.global.aaf.oauth.public_port }}
- name: aaf-oauth
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- type: "NodePort"
+{{ include "common.service" . }}
# Application configuration defaults.
#################################################################
# application image
+
+replicaCount: 1
+
+binary: oauth
+
+sequence_order:
+ - service
+ - locate
+
nodeSelector: {}
affinity: {}
# probe configuration parameters
liveness:
- initialDelaySeconds: 120
+ initialDelaySeconds: 30
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
+ port: api
readiness:
initialDelaySeconds: 5
periodSeconds: 10
+ port: api
service:
name: aaf-oauth
type: ClusterIP
- portName: aaf-oauth
- #targetPort
- internalPort: 8140
- #port
- externalPort: 8140
+ ports:
+ - name: api
+ protocol: http
+ port: 8140
ingress:
enabled: false
# Configure resource requests and limits
resources:
- small:
- limits:
- cpu: 40m
- memory: 320Mi
- requests:
- cpu: 1m
- memory: 210Mi
- large:
- limits:
- cpu: 400m
- memory: 600Mi
- requests:
- cpu: 40m
- memory: 200Mi
- unlimited: {}
+ small:
+ limits:
+ cpu: 40m
+ memory: 320Mi
+ requests:
+ cpu: 1m
+ memory: 210Mi
+ large:
+ limits:
+ cpu: 400m
+ memory: 600Mi
+ requests:
+ cpu: 40m
+ memory: 200Mi
+ unlimited: {}
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
-spec:
- replicas: {{ .Values.global.aaf.service.replicas }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: fix-permission
- command:
- - /bin/sh
- args:
- - -c
- - |
- chmod -R 775 /opt/app/aaf/status
- chown -R 1000:1000 /opt/app/aaf/status
- chmod -R 775 /opt/app/osaaf
- chown -R 1000:1000 /opt/app/osaaf
- image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /opt/app/aaf/status
- name: aaf-status-vol
- - mountPath: /opt/app/osaaf
- name: aaf-config-vol
- - name: {{ include "common.name" . }}-config-container
- image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config nc aaf-cass.{{ .Release.Namespace }} 9042 sleep 15 remove && bin/agent.sh"]
- volumeMounts:
- - mountPath: "/opt/app/osaaf"
- name: aaf-config-vol
- - mountPath: "/opt/app/aaf/status"
- name: aaf-status-vol
- env:
- - name: aaf_env
- value: "{{ .Values.global.aaf.aaf_env }}"
- - name: cadi_latitude
- value: "{{ .Values.global.aaf.cadi_latitude }}"
- - name: cadi_longitude
- value: "{{ .Values.global.aaf.cadi_longitude }}"
- - name: cadi_x509_issuers
- value: "{{ .Values.global.aaf.cadi_x509_issuers }}"
- - name: aaf_locate_url
- value: "https://aaf-locate.{{ .Release.Namespace}}:{{.Values.global.aaf.locate.internal_port}}"
- - name: aaf_locator_container
- value: "oom"
- - name: aaf_release
- value: "{{ .Values.global.aaf.aaf_release }}"
- - name: aaf_locator_container_ns
- value: "{{ .Release.Namespace }}"
- - name: aaf_locator_public_fqdn
- value: "{{.Values.global.aaf.public_fqdn}}"
- - name: aaf_locator_name
- value: "{{.Values.global.aaf.aaf_locator_name}}"
- - name: aaf_locator_name_oom
- value: "{{.Values.global.aaf.aaf_locator_name_oom}}"
- - name: cm_always_ignore_ips
- value: "true"
- - name: CASSANDRA_CLUSTER
- value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}"
-# - name: CASSANDRA_USER
-# value: ""
-# - name: CASSANDRA_PASSWORD
-# value: ""
-# - name: CASSANDRA_PORT
-# value: ""
- containers:
- - name: {{ include "common.name" . }}
- command: ["/bin/bash","-c","cd /opt/app/aaf && bin/pod_wait.sh aaf-service aaf-cass && exec bin/service"]
- image: {{.Values.global.repository}}/{{.Values.global.aaf.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: cm_always_ignore_ips
- value: "true"
- lifecycle:
- preStop:
- exec:
- command: ["/bin/sh","-c","rm /opt/app/aaf/status/aaf-service* && echo $HOSTNAME >> aaf-service.hosts"]
- volumeMounts:
- - mountPath: "/opt/app/osaaf"
- name: aaf-config-vol
- - mountPath: "/opt/app/aaf/status"
- name: aaf-status-vol
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.global.aaf.service.internal_port }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.global.aaf.service.internal_port }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: aaf-status-vol
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-status
- - name: aaf-config-vol
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-config
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{ include "aaf.deployment" . }}
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs, Orange
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- ports:
- - port: {{ .Values.global.aaf.service.internal_port }}
- nodePort: {{ .Values.global.aaf.service.public_port }}
- name: aaf-service
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- type: "NodePort"
+{{ include "common.service" . }}
#################################################################
# application image
+replicaCount: 1
+
+binary: service
+
+sequence_order:
+ - cass
+
nodeSelector: {}
affinity: {}
# probe configuration parameters
liveness:
- initialDelaySeconds: 120
+ initialDelaySeconds: 30
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
+ port: api
readiness:
initialDelaySeconds: 5
periodSeconds: 10
+ port: api
service:
name: aaf-service
- type: NodePort
- portName: aaf-service
- #targetPort
- internalPort: 8100
- #port
- externalPort: 31110
+ type: ClusterIP
+ ports:
+ - name: api
+ port: 8100
+ protocol: http
ingress:
enabled: false
# Configure resource requests and limits
resources:
- small:
- limits:
- cpu: 250m
- memory: 360Mi
- requests:
- cpu: 10m
- memory: 250Mi
- large:
- limits:
- cpu: 400m
- memory: 1Gi
- requests:
- cpu: 40m
- memory: 300Mi
- unlimited: {}
+ small:
+ limits:
+ cpu: 250m
+ memory: 360Mi
+ requests:
+ cpu: 10m
+ memory: 250Mi
+ large:
+ limits:
+ cpu: 400m
+ memory: 1Gi
+ requests:
+ cpu: 40m
+ memory: 300Mi
+ unlimited: {}
apiVersion: v1
kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
-{{- end -}}
\ No newline at end of file
+{{- end -}}
apiVersion: batch/v1
kind: Job
-metadata:
- name: {{ include "common.fullname" . }}-init
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}-job
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
backoffLimit: 2
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}-job
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
restartPolicy: Never
containers:
- name: {{ include "common.fullname" . }}-tpmconfig
mountPath: "/abrmd/cred/"
readOnly: true
- resources:
-{{ toYaml .Values.resources | indent 10 }}
- nodeSelector:
- {{- if .Values.nodeSelector }}
-{{ toYaml .Values.nodeSelector | indent 8 }}
+ resources: {{ toYaml .Values.resources | nindent 10 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
{{- end -}}
{{- if .Values.global.tpm.enabled }}
{{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 8 }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
+ resources: {{ include "common.resources" . | nindent 10 }}
volumes:
- name: {{ include "common.fullname" . }}-data
persistentVolumeClaim:
{{- if and .Values.global.tpm.enabled .Values.global.abrmd.enabled -}}
-apiVersion: apps/v1beta1
+apiVersion: apps/v1
kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
serviceName:
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
containers:
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
name: {{ include "common.name" . }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- resources:
-{{ toYaml .Values.resources | indent 10 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
nodeSelector:
{{- if .Values.nodeSelector }}
{{ toYaml .Values.nodeSelector | indent 8 }}
{{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 8 }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
volumes:
- name: localtime
apiVersion: v1
kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
-{{- end -}}
\ No newline at end of file
+{{- end -}}
apiVersion: batch/v1
kind: Job
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
replicas: {{ .Values.replicaCount }}
serviceName:
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
restartPolicy: Never
initContainers:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
{{ else }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
readOnly: true
- name: {{ include "common.fullname" . }}-data
mountPath: /distcenter/data
+ resources:
+ limits:
+ cpu: 1
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
{{- end }}
containers:
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
readOnly: true
- name: {{ include "common.fullname" . }}-data
mountPath: /distcenter/data
- resources:
-{{ toYaml .Values.resources | indent 10 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 8 }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 8 }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
volumes:
- name: localtime
path: /etc/localtime
- name: {{ include "common.fullname" . }}-data
persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-sshsm-data
+ claimName: {{ include "common.release" . }}-aaf-sshsm
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
*/}}
{{- if .Values.global.distcenter.enabled -}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) }}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-data
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.persistence.size}}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" . }}-data"
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
-{{- end -}}
-{{- end -}}
+{{ include "common.PV" . }}
{{- end -}}
*/}}
{{- if .Values.global.distcenter.enabled -}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
- storageClassName: {{ include "common.storageClass" . }}
-{{- end -}}
+{{ include "common.PVC" . }}
{{- end -}}
apiVersion: batch/v1
kind: Job
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
replicas: {{ .Values.replicaCount }}
- serviceName:
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
restartPolicy: Never
initContainers:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
{{- if .Values.global.tpm.enabled }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- name: {{ include "common.fullname" . }}-dbus
mountPath: /var/run/dbus
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
{{- end }}
containers:
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- name: {{ include "common.fullname" . }}-secrets
mountPath: /testca/secrets
readOnly: true
- resources:
-{{ toYaml .Values.resources | indent 10 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
nodeSelector:
{{- if .Values.nodeSelector }}
{{ toYaml .Values.nodeSelector | indent 8 }}
{{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 8 }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
volumes:
- name: localtime
path: /etc/localtime
- name: {{ include "common.fullname" . }}-data
persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-sshsm-data
+ claimName: {{ include "common.release" . }}-aaf-sshsm
- name: {{ include "common.fullname" . }}-dbus
persistentVolumeClaim:
claimName: {{ include "common.release" . }}-aaf-sshsm-dbus
# limitations under the License.
*/}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) }}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-data
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}-data
-spec:
- capacity:
- storage: {{ .Values.persistence.size}}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" . }}-data"
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.dataMountSubPath }}
-{{- end -}}
-{{- end -}}
+{{ include "common.PV" (dict "dot" . "persistenceInfos" .Values.persistence.data) }}
# limitations under the License.
*/}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) }}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-dbus
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}-dbus
-spec:
- capacity:
- storage: {{ .Values.persistence.size}}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" . }}-dbus"
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.dbusMountSubPath }}
-{{- end -}}
-{{- end -}}
+{{ include "common.PV" (dict "dot" . "suffix" "dbus" "persistenceInfos" .Values.persistence.dbus) }}
# limitations under the License.
*/}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-data
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
- storageClassName: {{ include "common.storageClass" . }}
-{{- end -}}
+{{ include "common.PVC" (dict "dot" . "persistenceInfos" .Values.persistence.data) }}
# limitations under the License.
*/}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-dbus
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
-{{- if eq "True" (include "common.needPV" .) }}
- storageClassName: "{{ include "common.fullname" . }}-dbus"
-{{- else }}
- storageClassName: {{ include "common.storageClass" . }}
-{{- end }}
-{{- end -}}
+{{ include "common.PVC" (dict "dot" . "suffix" "dbus" "persistenceInfos" .Values.persistence.dbus) }}
persistence:
enabled: true
- volumeReclaimPolicy: Retain
- accessMode: ReadWriteOnce
- size: 10Mi
- mountPath: /dockerdata-nfs
- dataMountSubPath: sshsm/data
- dbusMountSubPath: sshsm/dbus
+ data:
+ enabled: true
+ size: 10Mi
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ mountSubPath: sshsm/data
+ dbus:
+ enabled: true
+ size: 10Mi
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ mountSubPath: sshsm/dbus
+
+
# Configure resource requests and limits
resources:
--- /dev/null
+{*/
+# Copyright © 2020 AT&T, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}
+
+{{- define "aaf.deployment" -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec: {{ include "aaf.initContainers" . | nindent 6 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ workingDir: /opt/app/aaf
+ command: ["bin/{{ .Values.binary }}"]
+ image: {{ include "common.repository" . }}/{{.Values.global.aaf.image}}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
+ volumeMounts:
+ - mountPath: "/opt/app/osaaf"
+ name: aaf-config-vol
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{.Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: aaf-config-vol
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{- end -}}
--- /dev/null
+{*/
+# Copyright © 2020 AT&T, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}
+
+{{- define "aaf.permissionFixer" -}}
+- name: fix-permission
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ chown -R 1000:1000 /opt/app/aaf
+ chown -R 1000:1000 /opt/app/osaaf
+ image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /opt/app/osaaf
+ name: aaf-config-vol
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
+{{- end -}}
+
+{{- define "aaf.podConfiguration" }}
+- name: {{ include "common.name" . }}-config-container
+ image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/bash
+ args:
+ - -c
+ - |
+ cd /opt/app/aaf_config
+ bin/agent.sh
+ volumeMounts:
+ - mountPath: "/opt/app/osaaf"
+ name: aaf-config-vol
+ env:
+ - name: aaf_env
+ value: "{{ .Values.global.aaf.aaf_env }}"
+ - name: cadi_latitude
+ value: "{{ .Values.global.aaf.cadi_latitude }}"
+ - name: cadi_longitude
+ value: "{{ .Values.global.aaf.cadi_longitude }}"
+ - name: cadi_x509_issuers
+ value: "{{ .Values.global.aaf.cadi_x509_issuers }}"
+ - name: aaf_locate_url
+ value: "https://aaf-locate.{{ .Release.Namespace}}:8095"
+ - name: aaf_locator_container
+ value: "oom"
+ - name: aaf_release
+ value: "{{ .Values.global.aaf.aaf_release }}"
+ - name: aaf_locator_container_ns
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ - name: aaf_locator_public_fqdn
+ value: "{{.Values.global.aaf.public_fqdn}}"
+ - name: aaf_locator_name
+ value: "{{.Values.global.aaf.aaf_locator_name}}"
+ - name: aaf_locator_name_oom
+ value: "{{.Values.global.aaf.aaf_locator_name_oom}}"
+ - name: cm_always_ignore_ips
+ value: "true"
+ - name: CASSANDRA_CLUSTER
+ value: "aaf-cass.{{ .Release.Namespace }}"
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
+{{- end -}}
+
+{{- define "aaf.initContainers" -}}
+initContainers:
+{{ include "aaf.permissionFixer" . }}
+{{- if .Values.sequence_order }}
+- name: {{ include "common.name" . }}-aaf-readiness
+ command:
+ - /root/ready.py
+ args:
+ {{- range $container := .Values.sequence_order }}
+ - --container-name
+ - aaf-{{ $container}}
+ {{- end }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
+{{- end }}
+{{ include "aaf.podConfiguration" . }}
+{{- end }}
+++ /dev/null
-{{/*
-# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) }}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-config
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}-config
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.persistence.config.size}}
- accessModes:
- - {{ .Values.persistence.config.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.config.volumeReclaimPolicy }}
- hostPath:
- path: {{ .Values.persistence.config.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.config.mountSubPath }}
- storageClassName: "{{ include "common.fullname" . }}-config"
-{{- end -}}
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) }}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-status
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}-status
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.persistence.status.size}}
- accessModes:
- - {{ .Values.persistence.status.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.status.volumeReclaimPolicy }}
- hostPath:
- path: {{ .Values.persistence.status.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.status.mountSubPath }}
- storageClassName: "{{ include "common.fullname" . }}-status"
-{{- end -}}
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.release" . }}-aaf-config
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.config.accessMode }}
- resources:
- requests:
- storage: {{ .Values.persistence.config.size }}
-{{- if eq "True" (include "common.needPV" .) }}
- storageClassName: "{{ include "common.fullname" . }}-config"
-{{- else }}
- storageClassName: {{ include "common.storageClass" . }}
-{{- end }}
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.release" . }}-aaf-status
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.status.accessMode }}
- resources:
- requests:
- storage: {{ .Values.persistence.status.size }}
-{{- if eq "True" (include "common.needPV" .) }}
- storageClassName: "{{ include "common.fullname" . }}-status"
-{{- else }}
- storageClassName: {{ include "common.storageClass" . }}
-{{- end }}
-{{- end -}}
loggingImage: beats/filebeat:5.5.0
# BusyBox image
busyboxRepository: registry.hub.docker.com
- busyboxImage: library/busybox:latest
+ busyboxImage: library/busybox:1.31
persistence:
enabled: true
# Standard OOM
config:
image: onap/aaf/aaf_config:2.1.20
- cass:
- replicas: 1
- image: onap/aaf/aaf_cass:2.1.20
- fqdn: "aaf-cass"
- cluster_name: "osaaf"
- heap_new_size: "512M"
- max_heap_size: "1024M"
- storage_port: 7000
- ssl_storage_port: 7001
- native_trans_port: 9042
- rpc_port: 9160
- dc: "dc1"
+
service:
- replicas: 1
fqdn: "aaf-service"
internal_port: 8100
public_port: 31110
locate:
- replicas: 1
fqdn: "aaf-locate"
internal_port: 8095
public_port: 31111
oauth:
- replicas: 1
- fqdn: "aaf0oauth"
+ fqdn: "aaf-oauth"
internal_port: 8140
public_port: 31112
- gui:
- replicas: 1
- fqdn: "aaf-gui"
- internal_port: 8200
- public_port: 31113
- cm:
- replicas: 1
- fqdn: "aaf-cm"
- internal_port: 8150
- public_port: 31114
- fs:
- replicas: 1
- fqdn: "aaf-fs"
- internal_port: 8096
- public_port: 31115
- hello:
- replicas: 0
# Note: as hello is a sample app, find values in charts/aaf-hello/values.yaml
config:
ssl: "none"
-## Persist data to a persitent volume
-persistence:
- enabled: true
- config:
- #existingClaim:
- volumeReclaimPolicy: Delete
- accessMode: ReadWriteMany
- size: 2Gi
- mountPath: /dockerdata-nfs
- mountSubPath: "config"
- logs:
- #existingClaim:
- volumeReclaimPolicy: Retain
- accessMode: ReadWriteMany
- size: 2Gi
- mountPath: "/mnt/data/aaf/logs"
- status:
- volumeReclaimPolicy: Delete
- accessMode: ReadWriteMany
- size: 2M
- mountPath: /dockerdata-nfs
- mountSubPath: "status"
- cass:
- #existingClaim:
- volumeReclaimPolicy: Retain
- accessMode: ReadWriteOnce
- size: 10Gi
- mountPath: /dockerdata-nfs
- mountSubPath: "cass"
-
+persistence: {}
resources: {}
-Subproject commit 2d6141ab8bd7bfe58f5da0483e578032226e7ebb
+Subproject commit d687fd0c9efe31e93287da11e3e390984a5fb6ce
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-blueprintsprocessor:0.7.1
+image: onap/ccsdk-blueprintsprocessor:0.7.2
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-commandexecutor:0.7.1
+image: onap/ccsdk-commandexecutor:0.7.2
pullPolicy: Always
# application configuration
--- /dev/null
+# Copyright (c) 2020 Bell Canada, Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP CDS Py Executor
+name: cds-py-executor
+version: 6.0.0
\ No newline at end of file
--- /dev/null
+# Copyright (c) 2020 Bell Canada, Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+# Copyright (c) 2020 Bell Canada, Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ command:
+ - bash
+ args:
+ - '-c'
+ - 'AUTH_TOKEN=`echo -n $API_USERNAME:$API_PASSWORD | base64` /opt/app/onap/python/start.sh'
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{- include "common.containerPorts" . | nindent 12 }}
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
+ env:
+ - name: APP_PORT
+ value: {{ .Values.config.appPort }}
+ - name: AUTH_TYPE
+ value: {{ .Values.config.authType }}
+ - name: API_USERNAME
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "api-credentials" "key" "login") | nindent 12 }}
+ - name: API_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "api-credentials" "key" "password") | nindent 12 }}
+ - name: LOG_FILE
+ value: {{ .Values.config.logFile }}
+ - name: ARTIFACT_MANAGER_PORT
+ value: {{ .Values.config.artifactManagerPort }}
+ - name: ARTIFACT_MANAGER_SERVER_LOG_FILE
+ value: {{ .Values.config.artifactManagerLogFile }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: {{ .Values.persistence.deployedBlueprint }}
+ name: {{ include "common.fullname" . }}-blueprints
+ resources:
+{{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | nindent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | nindent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ # Py executor shares the blueprintsprocessor storage (for now) to
+ # share uploaded CBA files. In the future it will be deprecated
+ # when all parts of the CDS will make use of Artifact Manager
+ - name: {{ include "common.fullname" . }}-blueprints
+ persistentVolumeClaim:
+ claimName: {{ include "common.release" . }}-cds-blueprints
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright (c) 2020 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
\ No newline at end of file
--- /dev/null
+# Copyright (c) 2020 Bell Canada, Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.service" . }}
\ No newline at end of file
--- /dev/null
+# Copyright (c) 2020 Bell Canada, Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific lan`guage governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ # Change to an unused port prefix range to prevent port conflicts
+ # with other instances running within the same k8s cluster
+ nodePortPrefix: 302
+
+ # image repositories
+ repository: nexus3.onap.org:10001
+
+ # readiness check
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+
+ # image pull policy
+ pullPolicy: Always
+
+ persistence:
+ mountPath: /dockerdata-nfs
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/ccsdk-py-executor:0.7.2
+pullPolicy: Always
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ port: 50052
+ initialDelaySeconds: 20
+ periodSeconds: 20
+ timeoutSeconds: 20
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ port: 50052
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 20
+
+service:
+ type: ClusterIP
+ ports:
+ - port: 50052
+ name: executor-grpc
+ - port: 50053
+ name: manager-grpc
+
+secrets:
+ - uid: api-credentials
+ externalSecret: '{{ tpl (default "" .Values.config.authCredentialsExternalSecret) . }}'
+ type: basicAuth
+ login: '{{ .Values.config.apiUsername }}'
+ password: '{{ .Values.config.apiPassword }}'
+ passwordPolicy: required
+
+config:
+ # the api credentials below are used to authenticate communication with blueprint
+ # processor API. Py executor in this context is a client of the blueprint processor
+ apiUsername: ccsdkapps
+ apiPassword: ccsdkapps
+ env:
+ appPort: 50052
+ authType: tls-auth
+ logFile: /dev/stdout
+ artifactManagerPort: 50053
+ artifactManagerLogFile: /dev/stdout
+
+persistence:
+ enabled: true
+ mountSubPath: cds/blueprints/deploy
+ deployedBlueprint: /opt/app/onap/blueprints/deploy
+
+ingress:
+ enabled: false
+
+flavor: small
+
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 2
+ memory: 4Gi
+ unlimited: {}
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-sdclistener:0.7.1
+image: onap/ccsdk-sdclistener:0.7.2
name: sdc-listener
pullPolicy: Always
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-cds-ui-server:0.7.1
+image: onap/ccsdk-cds-ui-server:0.7.2
pullPolicy: Always
# application configuration
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
- name: {{ include "common.name" $dot }}-aaf-config
image: {{ (default $dot.Values.repository $dot.Values.global.repository) }}/{{ $dot.Values.global.aafAgentImage }}
imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
#Hello specific. Clients don't don't need this, unless Registering with AAF Locator
- name: aaf_locator_public_fqdn
value: "{{ $aafRoot.public_fqdn | default "" }}"
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
{{- end -}}
{{- end -}}
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-apps-ms-neng:0.6.3
+image: onap/ccsdk-apps-ms-neng:0.7.1
pullPolicy: IfNotPresent
# application configuration
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.5
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.6
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
#DB.schema: {{ .Values.postgres.config.pgDatabase }}
# postgres user name
-#DB.user: {{ .Values.postgres.config.pgUserName }}
+DB.user: ${PG_USER}
# postgres user password
-DB.cred: {{ .Values.postgres.config.pgUserPassword }}
+DB.cred: ${PG_PASSWORD}
#####################################################
spec:
{{- if or .Values.global.aafEnabled .Values.PG.enabled }}
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: PG_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }}
+ - name: PG_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: {{ include "common.name" . }}-config-input
+ - mountPath: /config
+ name: {{ include "common.name" . }}-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
{{- if .Values.global.aafEnabled }}
- name: {{ include "common.name" . }}-aaf-readiness
command:
- name: localtime
hostPath:
path: /etc/localtime
- - name: {{ include "common.name" . }}-config
+ - name: {{ include "common.name" . }}-config-input
configMap:
name: {{ include "common.fullname" . }}-config
- name: {{ include "common.name" . }}-aaf-config-vol
emptyDir: {}
+ - name: {{ include "common.name" . }}-config
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
data:
aaf-deploy-password: {{ index .Values.aafConfig.aafDeployPass | b64enc | quote }}
{{- end }}
+---
+{{ include "common.secretFast" . }}
readinessImage: readiness-check:2.0.0
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ envsubstImage: dibi/envsubst
+
+secrets:
+ - uid: pg-root-pass
+ name: &pgRootPassSecretName '{{ include "common.release" . }}-dmaap-bc-pg-root-pass'
+ type: password
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "dmaap-bc-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
+ password: '{{ .Values.postgres.config.pgRootpassword }}'
+ policy: generate
+ - uid: pg-user-creds
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-dmaap-bc-pg-user-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "dmaap-bc-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+ login: '{{ .Values.postgres.config.pgUserName }}'
+ password: '{{ .Values.postgres.config.pgUserPassword }}'
+ passwordPolicy: generate
#################################################################
# Application configuration defaults.
config:
pgUserName: dmaap_admin
pgDatabase: dmaap
- pgPrimaryPassword: onapdemodb
- pgUserPassword: onapdemodb
- pgRootPassword: onapdemodb
+ pgUserExternalSecret: *pgUserCredsSecretName
+ pgRootPasswordExternalSecret: *pgRootPassSecretName
persistence:
mountSubPath: dbc/data
mountInitPath: dbc
type: NodePort
name: dmaap-dr-node
useNodePortExt: true
+ both_tls_and_plain: true
annotations:
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
ports:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/multicloud/k8s:0.5.0
+image: onap/multicloud/k8s:0.6.0
pullPolicy: Always
# flag to enable debugging - application support required
# Default installation values to be overridden
server:
- jvmOpts: -server -Xms1024m -Xmx2048m
+ jvmOpts: -server -XshowSettings:vm
aaf:
enabled: "false"
javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver
javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/operationshistory
javax.persistence.jdbc.user=${SQL_USER}
-javax.persistence.jdbc.password=${SQL_PASSWORD}
+javax.persistence.jdbc.password=${SQL_PASSWORD_BASE64}
- sh
args:
- -c
- - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
env:
- name: RESTSERVER_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "login") | indent 10 }}
- name: API_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "password") | indent 10 }}
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
volumeMounts:
- mountPath: /config-input
name: pdpxconfig
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"]
args: ["/opt/app/policy/pdpx/etc/mounted/config.json"]
- env:
- - name: SQL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
- - name: SQL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
# application image
repository: nexus3.onap.org:10001
-image: onap/portal-app:3.2.0
+image: onap/portal-app:3.2.1
pullPolicy: Always
#AAF local config
/*
Replace spaces with underscores for role names to match AAF role names
*/
-UPDATE fn_role SET role_name= REPLACE(role_name, ' ', '_') WHERE active_yn= 'Y';
+UPDATE fn_role SET role_name= REPLACE(role_name, ' ', '_') WHERE active_yn= 'Y' AND role_id NOT IN (999);
/*
-Subproject commit c81062626b69160145baac5e6a5d670cb67211fa
+Subproject commit 1bc31c7d76408bdf2267bf72bf3b1b1e18e2367f
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-backend:1.6.4
-backendInitImage: onap/sdc-backend-init:1.6.4
+image: onap/sdc-backend:1.6.5
+backendInitImage: onap/sdc-backend-init:1.6.5
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-cassandra:1.6.4
-cassandraInitImage: onap/sdc-cassandra-init:1.6.4
+image: onap/sdc-cassandra:1.6.5
+cassandraInitImage: onap/sdc-cassandra-init:1.6.5
pullPolicy: Always
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-frontend:1.6.4
+image: onap/sdc-frontend:1.6.5
pullPolicy: Always
config:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-onboard-backend:1.6.4
-onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.4
+image: onap/sdc-onboard-backend:1.6.5
+onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.5
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/workflow-backend:1.6.4
-configInitImage: onap/workflow-init:1.6.4
+image: onap/sdc-workflow-backend:1.7.0
+configInitImage: onap/sdc-workflow-init:1.7.0
pullPolicy: Always
initJob:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/workflow-frontend:1.6.4
+image: onap/sdc-workflow-frontend:1.7.0
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-dmaap-listener-image:1.8.1
+image: onap/sdnc-dmaap-listener-image:1.8.2
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-ansible-server-image:1.8.1
+image: onap/sdnc-ansible-server-image:1.8.2
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/admportal-sdnc-image:1.8.1
+image: onap/admportal-sdnc-image:1.8.2
config:
dbFabricDB: mysql
dbFabricUser: admin
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-ueb-listener-image:1.8.1
+image: onap/sdnc-ueb-listener-image:1.8.2
pullPolicy: Always
# flag to enable debugging - application support required
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Get "resources/env.yaml") . | indent 2 }}
+
+{{ if .Values.global.aafEnabled }}
+{{- if .Values.aafConfig.addconfig -}}
+---
+apiVersion: v1
+kind: ConfigMap
+{{- $suffix := "aaf-add-config" }}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
+data:
+ aaf-add-config.sh: |-
+ cd /opt/app/osaaf/local && /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} | grep cadi_keystore_password= | cut -d= -f 2 > {{ .Values.aafConfig.credsPath }}/.pass 2>&1
+{{- end -}}
+{{- end -}}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
{{ if .Values.global.aafEnabled }}
- - name: {{ include "common.name" . }}-aaf-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /root/ready.py
- args:
- - --container-name
- - aaf-locate
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: {{ include "common.name" . }}-aaf
- image: {{ .Values.global.repository }}/{{ .Values.aaf_init.agentImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: {{ .Values.certpersistence.certPath }}
- name: {{ include "common.fullname" . }}-certs
- command:
- - bash
- - -c
- - |
- /opt/app/aaf_config/bin/agent.sh &&
- cd /opt/app/osaaf/local &&
- /opt/app/aaf_config/bin/agent.sh local showpass | grep cadi_keystore_password= | cut -d= -f 2 > /opt/app/osaaf/local/.pass 2>&1
- env:
- - name: APP_FQI
- value: "{{ .Values.aaf_init.fqi }}"
- - name: aaf_locate_url
- value: "https://aaf-locate.{{ .Release.Namespace}}:8095"
- - name: aaf_locator_container
- value: "oom"
- - name: aaf_locator_container_ns
- value: "{{ .Release.Namespace }}"
- - name: aaf_locator_fqdn
- value: "{{ .Values.aaf_init.fqdn }}"
- - name: aaf_locator_app_ns
- value: "{{ .Values.aaf_init.app_ns }}"
- - name: DEPLOY_FQI
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-creds" "key" "login") | indent 12 }}
- - name: DEPLOY_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-creds" "key" "password") | indent 12 }}
- - name: cadi_longitude
- value: "{{ .Values.aaf_init.cadi_longitude }}"
- - name: cadi_latitude
- value: "{{ .Values.aaf_init.cadi_latitude }}"
+{{ include "common.aaf-config" . | indent 6 }}
{{ end }}
- name: {{ include "common.name" . }}-chown
image: "busybox"
volumeMounts:
- mountPath: {{ .Values.persistence.mdsalPath }}
name: {{ include "common.fullname" . }}-data
- - mountPath: {{ .Values.certpersistence.certPath }}
- name: {{ include "common.fullname" . }}-certs
+{{- if .Values.global.aafEnabled }}
+{{ include "common.aaf-config-volume-mountpath" . | indent 10 }}
+{{- end }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- name: JAVA_HOME
value: "{{ .Values.config.javaHome}}"
volumeMounts:
+ {{- if .Values.global.aafEnabled }}
+{{ include "common.aaf-config-volume-mountpath" . | indent 10 }}
+ {{- end }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
name: {{ include "common.fullname" . }}-data
- mountPath: /var/log/onap
name: logs
- - mountPath: {{ .Values.certpersistence.certPath }}
- name: {{ include "common.fullname" . }}-certs
- mountPath: {{ .Values.config.odl.salConfigDir }}/{{ .Values.config.odl.salConfigVersion}}/sal-clustering-config-{{ .Values.config.odl.salConfigVersion}}-akkaconf.xml
name: properties
subPath: akka.conf
- name: properties
emptyDir:
medium: Memory
- - name: {{ include "common.fullname" . }}-certs
- {{ if .Values.certpersistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}-certs
- {{ else }}
- emptyDir: {}
- {{ end }}
{{ if not .Values.persistence.enabled }}
- name: {{ include "common.fullname" . }}-data
emptyDir: {}
{{ else }}
+ {{- if .Values.global.aafEnabled }}
+{{ include "common.aaf-config-volumes" . | indent 8 }}
+ {{- end }}
volumeClaimTemplates:
- metadata:
name: {{ include "common.fullname" . }}-data
readinessImage: readiness-check:2.0.2
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ aafAgentImage: onap/aaf/aaf_agent:2.1.15
persistence:
mountPath: /dockerdata-nfs
aafEnabled: true
password: '{{ .Values.config.odlPassword }}'
# For now this is left hardcoded but should be revisited in a future
passwordPolicy: required
- - uid: aaf-creds
+ - uid: &aaf_secret_uid aaf-creds
type: basicAuth
externalSecret: '{{ ternary (tpl (default "" .Values.aaf_init.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}'
login: '{{ .Values.aaf_init.deploy_fqi }}'
# application images
repository: nexus3.onap.org:10001
pullPolicy: Always
-image: onap/sdnc-image:1.8.1
+image: onap/sdnc-image:1.8.2
# flag to enable debugging - application support required
numberGGLogFiles: 10
# dependency / sub-chart configuration
+aafConfig:
+ addconfig: true
+ fqdn: "sdnc"
+ app_ns: "org.osaaf.aaf"
+ fqi: "sdnc@sdnc.onap.org"
+ fqi_namespace: org.onap.sdnc
+ public_fqdn: "sdnc.onap.org"
+ aafDeployFqi: "deployer@people.osaaf.org"
+ aafDeployPass: demo123456!
+ cadi_latitude: "38.0"
+ cadi_longitude: "-72.0"
+ secret_uid: *aaf_secret_uid
+ credsPath: /opt/app/osaaf/local
+
aaf_init:
agentImage: onap/aaf/aaf_agent:2.1.15
app_ns: "org.osaaf.aaf"
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Copyright 2017 Huawei Technologies Co., Ltd.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!DOCTYPE configuration
+PUBLIC "//mybatis.org//DTD Config 3.0//EN"
+"http://mybatis.org/dtd/mybatis-3-config.dtd">
+<configuration>
+ <environments default="development">
+ <environment id="development">
+ <transactionManager type="JDBC" />
+ <dataSource type="UNPOOLED">
+ <property name="driver" value="org.postgresql.Driver" />
+ <property name="url" value="jdbc:postgresql://{{ .Values.postgres.service.name }}:{{ .Values.postgres.service.externalPort }}/marketplaceDB" />
+ <property name="username" value="${PG_USER}" />
+ <property name="password" value="${PG_PASSWORD}" />
+ </dataSource>
+ </environment>
+ </environments>
+ <mappers>
+ <mapper resource="mybatis/sql/MarketplaceMapper.xml" />
+ </mappers>
+</configuration>
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/marketplace_tables_postgres.sql").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
name: {{ include "common.name" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: PG_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }}
+ - name: PG_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: init-data-input
+ - mountPath: /config
+ name: init-data
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
- command:
- /root/ready.py
args:
name: {{ include "common.name" . }}
resources:
{{ include "common.resources" . | indent 12 }}
- env:
- - name: POSTGRES_SERVICE_HOST
- value: "$(VNFSDK_DBSET_SERVICE_HOST)"
+ volumes:
+ - mountPath: /service/webapps/ROOT/WEB-INF/classes/mybatis/configuration/configuration.xml
+ name: init-data
+ subPath: configuration.xml
readinessProbe:
tcpSocket:
port: {{ .Values.service.internalPort }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+ volumes:
+ - name: init-data-input
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: init-data
+ emptyDir:
+ medium: Memory
image: "{{ .Values.postgresRepository }}/{{ .Values.postgresImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
+ - name: PGUSER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }}
- name: PGPASSWORD
- value: "{{ .Values.postgres.config.pgUserPassword }}"
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
command:
- /bin/sh
- -c
- |
- psql -U {{ .Values.postgres.config.pgUserName }} -h $(VNFSDK_DBPRI_SERVICE_HOST) -f /aaa/init/marketplace_tables_postgres.sql
+ psql -h $(VNFSDK_DBPRI_SERVICE_HOST) -f /aaa/init/marketplace_tables_postgres.sql
volumeMounts:
- name: init-data
mountPath: /aaa/init/marketplace_tables_postgres.sql
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+# #
+# # Licensed under the Apache License, Version 2.0 (the "License");
+# # you may not use this file except in compliance with the License.
+# # You may obtain a copy of the License at
+# #
+# # http://www.apache.org/licenses/LICENSE-2.0
+# #
+# # Unless required by applicable law or agreed to in writing, software
+# # distributed under the License is distributed on an "AS IS" BASIS,
+# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# # See the License for the specific language governing permissions and
+# # limitations under the License.
+*/}}
+{{ include "common.secretFast" . }}
readinessImage: readiness-check:2.0.0
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ envsubstImage: dibi/envsubst
+
+secrets:
+ - uid: pg-root-pass
+ name: &pgRootPassSecretName '{{ include "common.release" . }}-vnfsdk-pg-root-pass'
+ type: password
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "vnfsdk-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
+ password: '{{ .Values.postgres.config.pgRootpassword }}'
+ policy: generate
+ - uid: pg-user-creds
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-vnfsdk-pg-user-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "vnfsdk-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+ login: '{{ .Values.postgres.config.pgUserName }}'
+ password: '{{ .Values.postgres.config.pgUserPassword }}'
+ passwordPolicy: generate
#################################################################
# Application configuration defaults.
config:
pgUserName: postgres
pgDatabase: postgres
- pgPrimaryPassword: postgres
- pgUserPassword: postgres
- pgRootPassword: postgres
+ pgUserExternalSecret: *pgUserCredsSecretName
+ pgRootPasswordExternalSecret: *pgRootPassSecretName
# flag to enable debugging - application support required
debugEnabled: false
Code Review / oom.git / commitdiff