chartstorage/
+**/charts/*.tgz
+helm/plugins/deploy/cache/
echo "*** change ownership of certificates to targeted user"
chown -R 1000 .
-image: onap/ccsdk-oran-a1policymanagementservice:1.2.5
+image: onap/ccsdk-oran-a1policymanagementservice:1.3.0
userID: 1000 #Should match with image-defined user ID
groupID: 999 #Should match with image-defined group ID
pullPolicy: IfNotPresent
{{/*
#
-# Copyright (c) 2017-2019 AT&T, IBM, Bell Canada, Nordix Foundation.
+# Copyright (c) 2017-2022 AT&T, IBM, Bell Canada, Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
blueprintsprocessor.restclient.aai-data.additionalHeaders.Accept=application/json
# Self Service Request Kafka Message Consumer
-blueprintsprocessor.messageconsumer.self-service-api.kafkaEnable=false
-blueprintsprocessor.messageconsumer.self-service-api.type=kafka-basic-auth
-blueprintsprocessor.messageconsumer.self-service-api.bootstrapServers=message-router-kafka:9092
-blueprintsprocessor.messageconsumer.self-service-api.groupId=cds-consumer-group
-blueprintsprocessor.messageconsumer.self-service-api.topic=cds-consumer
-blueprintsprocessor.messageconsumer.self-service-api.clientId=cds-client
-blueprintsprocessor.messageconsumer.self-service-api.pollMillSec=1000
+blueprintsprocessor.messageconsumer.self-service-api.kafkaEnable={{ .Values.kafkaRequestConsumer.enabled }}
+blueprintsprocessor.messageconsumer.self-service-api.type={{ .Values.kafkaRequestConsumer.type }}
+{{- if eq .Values.useStrimziKafka true }}
+blueprintsprocessor.messageconsumer.self-service-api.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+{{- else -}}
+blueprintsprocessor.messageconsumer.self-service-api.bootstrapServers={{ .Values.kafkaRequestConsumer.bootstrapServers }}
+{{- end }}
+blueprintsprocessor.messageconsumer.self-service-api.groupId={{ .Values.kafkaRequestConsumer.groupId }}
+blueprintsprocessor.messageconsumer.self-service-api.topic={{ .Values.kafkaRequestConsumer.topic }}
+blueprintsprocessor.messageconsumer.self-service-api.clientId={{ .Values.kafkaRequestConsumer.clientId }}
+blueprintsprocessor.messageconsumer.self-service-api.pollMillSec={{ .Values.kafkaRequestConsumer.pollMillSec }}
+{{- if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }}
+# SCRAM
+blueprintsprocessor.messageconsumer.self-service-api.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
+blueprintsprocessor.messageconsumer.self-service-api.scramPassword=${JAAS_PASS}
+{{ end }}
# Self Service Response Kafka Message Producer
-blueprintsprocessor.messageproducer.self-service-api.bootstrapServers=message-router-kafka:9092
-
-# Kafka Audit Service Configurations
-blueprintsprocessor.messageproducer.self-service-api.audit.kafkaEnable=false
+blueprintsprocessor.messageproducer.self-service-api.type={{ .Values.kafkaRequestProducer.type }}
+{{- if eq .Values.useStrimziKafka true }}
+blueprintsprocessor.messageproducer.self-service-api.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+{{- else -}}
+blueprintsprocessor.messageproducer.self-service-api.bootstrapServers={{ .Values.kafkaRequestProducer.bootstrapServers }}
+{{- end }}
+blueprintsprocessor.messageproducer.self-service-api.clientId={{ .Values.kafkaRequestProducer.clientId }}
+blueprintsprocessor.messageproducer.self-service-api.topic={{ .Values.kafkaRequestProducer.topic }}
+{{- if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }}
+# SCRAM
+blueprintsprocessor.messageproducer.self-service-api.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
+blueprintsprocessor.messageproducer.self-service-api.scramPassword=${JAAS_PASS}
+{{ end }}
+
+# AUDIT KAFKA FEATURE CONFIGURATION
+# Audit feature dumps CDS request to a topic as well as a truncated response message to another topic.
+## Audit request
+blueprintsprocessor.messageproducer.self-service-api.audit.kafkaEnable={{ .Values.kafkaAuditRequest.enabled }}
+blueprintsprocessor.messageproducer.self-service-api.audit.request.type={{ .Values.kafkaAuditRequest.type }}
+{{- if eq .Values.useStrimziKafka true }}
+blueprintsprocessor.messageproducer.self-service-api.audit.request.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+{{- else -}}
+blueprintsprocessor.messageproducer.self-service-api.audit.request.bootstrapServers={{ .Values.kafkaAuditRequest.bootstrapServers }}
+{{- end }}
+blueprintsprocessor.messageproducer.self-service-api.audit.request.clientId={{ .Values.kafkaAuditRequest.clientId }}
+blueprintsprocessor.messageproducer.self-service-api.audit.request.topic={{ .Values.kafkaAuditRequest.topic }}
+{{- if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }}
+# SCRAM
+blueprintsprocessor.messageproducer.self-service-api.audit.request.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
+blueprintsprocessor.messageproducer.self-service-api.audit.request.scramPassword=${JAAS_PASS}
+{{ end }}
+
+## Audit response
+blueprintsprocessor.messageproducer.self-service-api.audit.response.type={{ .Values.kafkaAuditResponse.type }}
+{{- if eq .Values.useStrimziKafka true }}
+blueprintsprocessor.messageproducer.self-service-api.audit.response.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+{{- else -}}
+blueprintsprocessor.messageproducer.self-service-api.audit.response.bootstrapServers={{ .Values.kafkaAuditRequest.bootstrapServers }}
+{{- end }}
+blueprintsprocessor.messageproducer.self-service-api.audit.response.clientId={{ .Values.kafkaAuditResponse.clientId }}
+blueprintsprocessor.messageproducer.self-service-api.audit.response.topic={{ .Values.kafkaAuditResponse.topic }}
+{{- if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }}
+# SCRAM
+blueprintsprocessor.messageproducer.self-service-api.audit.response.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
+blueprintsprocessor.messageproducer.self-service-api.audit.response.scramPassword=${JAAS_PASS}
+{{ end }}
# Executor Options
blueprintsprocessor.resourceResolution.enabled=true
## Enable py-executor
blueprintsprocessor.streamingRemoteExecution.enabled=true
-# Used in Health Check
-blueprintsprocessor.messageproducer.self-service-api.type=kafka-basic-auth
-blueprintsprocessor.messageproducer.self-service-api.clientId=cds-client
-blueprintsprocessor.messageproducer.self-service-api.topic=cds-producer
+## Used in Health Check
+#blueprintsprocessor.messageproducer.self-service-api.type=kafka-basic-auth
+#blueprintsprocessor.messageproducer.self-service-api.clientId=cds-client
+#blueprintsprocessor.messageproducer.self-service-api.topic=cds-producer
#Encrypted username and password for health check service
--- /dev/null
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if eq .Values.useStrimziKafka true }}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+ name: {{ .Values.kafkaRequestConsumer.topic }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ partitions: 10
+ replicas: 2
+ config:
+ retention.ms: 7200000
+ segment.bytes: 1073741824
+---
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+ name: {{ .Values.kafkaRequestProducer.topic }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ partitions: 10
+ replicas: 2
+ config:
+ retention.ms: 7200000
+ segment.bytes: 1073741824
+---
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+ name: {{ .Values.kafkaAuditRequest.topic }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ partitions: 10
+ replicas: 2
+ config:
+ retention.ms: 7200000
+ segment.bytes: 1073741824
+---
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+ name: {{ .Values.kafkaAuditResponse.topic }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ partitions: 10
+ replicas: 2
+ config:
+ retention.ms: 7200000
+ segment.bytes: 1073741824
+{{ end }}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if eq .Values.useStrimziKafka true }}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+ name: {{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ authentication:
+ type: scram-sha-512
+ authorization:
+ type: simple
+ acls:
+ - resource:
+ type: group
+ name: {{ .Values.kafkaRequestConsumer.groupId }}
+ operation: All
+ - resource:
+ type: topic
+ name: {{ .Values.kafkaRequestConsumer.topic }}
+ operation: All
+ - resource:
+ type: topic
+ name: {{ .Values.kafkaRequestProducer.topic }}
+ operation: All
+ - resource:
+ type: topic
+ name: {{ .Values.kafkaAuditRequest.topic }}
+ operation: All
+ - resource:
+ type: topic
+ name: {{ .Values.kafkaAuditResponse.topic }}
+ operation: All
+{{ end }}
\ No newline at end of file
{{/*
# Copyright (c) 2019 IBM, Bell Canada
# Copyright (c) 2020 Samsung Electronics
+# Modification Copyright © 2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
args:
- --container-name
- cds-db
- {{- if .Values.dmaapEnabled }}
- - --container-name
- - message-router
- {{ end }}
env:
- name: NAMESPACE
valueFrom:
fieldPath: metadata.name
- name: CLUSTER_CONFIG_FILE
value: {{ .Values.config.appConfigDir }}/hazelcast.yaml
+ {{ if .Values.useStrimziKafka }}
+ - name: JAAS_PASS
+ value: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-kafka-secret" "key" "password") | indent 12 }}
+ {{ end }}
ports:
- containerPort: {{ .Values.service.http.internalPort }}
- containerPort: {{ .Values.service.grpc.internalPort }}
# Copyright (c) 2019 IBM, Bell Canada
# Copyright (c) 2020 Samsung Electronics
+# Modification Copyright © 2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
externalSecret: '{{ tpl (default "" .Values.config.sdncDB.dbRootPassExternalSecret) . }}'
password: '{{ .Values.config.sdncDB.dbRootPass }}'
passwordPolicy: required
+ - uid: cds-kafka-secret
+ externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
+ type: genericKV
+ envs:
+ - name: password
+ value: '{{ .Values.config.someConfig }}'
+ policy: generate
#################################################################
# AAF part
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-blueprintsprocessor:1.2.1
+image: onap/ccsdk-blueprintsprocessor:1.3.0
pullPolicy: Always
# flag to enable debugging - application support required
# dbCredsExternalSecret: <some secret name>
# dbRootPassword: password
# dbRootPassExternalSecret
+ someConfig: blah
# default number of instances
replicaCount: 1
affinity: {}
-# flag for kafka-listener dependency. Set to true if you are using message-router otherwise set to false if you are using
-# custom kafka cluster.
-dmaapEnabled: true
+# If useStrimziKafka is true, the following also applies:
+# strimzi will create an associated kafka user and the topics defined for Request and Audit elements below.
+# The connection type must be kafka-scram-plain-text-auth
+# The bootstrapServers will target the strimzi kafka cluster by default
+useStrimziKafka: false
+cdsKafkaUser: cds-kafka-user
+kafkaRequestConsumer:
+ enabled: false
+ type: kafka-scram-plain-text-auth
+ bootstrapServers: host:port
+ groupId: cds-consumer
+ topic: cds.blueprint-processor.self-service-api.request
+ clientId: request-receiver-client-id
+ pollMillSec: 1000
+kafkaRequestProducer:
+ type: kafka-scram-plain-text-auth
+ bootstrapServers: host:port
+ clientId: request-producer-client-id
+ topic: cds.blueprint-processor.self-service-api.response
+ enableIdempotence: false
+kafkaAuditRequest:
+ enabled: false
+ type: kafka-scram-plain-text-auth
+ bootstrapServers: host:port
+ clientId: audit-request-producer-client-id
+ topic: cds.blueprint-processor.self-service-api.audit.request
+ enableIdempotence: false
+kafkaAuditResponse:
+ type: kafka-scram-plain-text-auth
+ bootstrapServers: host:port
+ clientId: audit-response-producer-client-id
+ topic: cds.blueprint-processor.self-service-api.audit.response
+ enableIdempotence: false
# probe configuration parameters
startup:
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-commandexecutor:1.2.1
+image: onap/ccsdk-commandexecutor:1.3.0
pullPolicy: Always
# application configuration
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-py-executor:1.2.1
+image: onap/ccsdk-py-executor:1.3.0
pullPolicy: Always
# default number of instances
keyStorePath:
activateServerTLSAuth : false
isUseHttpsWithDmaap: false
+ isUseHttpsWithSDC: true
archivePath: /opt/app/onap/sdc-listener/
grpcAddress: cds-blueprints-processor-grpc
grpcPort: 9111
authHeader: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
+ httpsProxyHost:
+ httpProxyHost:
+ httpsProxyPort: 0
+ httpProxyPort: 0
+
cdslistener:
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-sdclistener:1.2.1
+image: onap/ccsdk-sdclistener:1.3.0
name: sdc-listener
pullPolicy: Always
{{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
# application image
-image: onap/ccsdk-cds-ui-server:1.2.1
+image: onap/ccsdk-cds-ui-server:1.3.0
pullPolicy: Always
# application configuration
# Copyright © 2020 Samsung Electronics
# Copyright © 2019 Orange, Bell Canada
# Copyright © 2017 Amdocs, Bell Canada
+# Modification Copyright © 2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
nodePortPrefixExt: 304
persistence:
mountPath: /dockerdata-nfs
+ cdsKafkaUser: cds-kafka-user
#################################################################
# Secrets metaconfig
dbPort: 3306
dbName: *mysqlDbName
dbCredsExternalSecret: *dbUserSecretName
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.kafkaUser }}'
cds-command-executor:
enabled: true
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-dgbuilder-image:1.2.2
+image: onap/ccsdk-dgbuilder-image:1.3.1
pullPolicy: Always
# flag to enable debugging - application support required
clusterDomain: cluster.local
metrics: {}
-image: bitnami/mariadb-galera:10.6.5-debian-10-r28
+image: bitnami/mariadb-galera:10.5.8
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-apps-ms-neng:1.2.1
+image: onap/ccsdk-apps-ms-neng:1.3.0
pullPolicy: IfNotPresent
# application configuration
jreImage: onap/integration-java11:10.0.0
kubectlImage: bitnami/kubectl:1.22.4
loggingImage: beats/filebeat:5.5.0
- mariadbImage: bitnami/mariadb:10.6.5-debian-10-r28
+ mariadbImage: bitnami/mariadb:10.5.8
nginxImage: bitnami/nginx:1.21.4
postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1
readinessImage: onap/oom/readiness:3.0.1
ports:
- port: {{ .Values.service.web.externalPort }}
targetPort: {{ .Values.service.web.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.web.nodePort }}
name: {{ .Values.service.web.portName }}
selector:
app: {{ include "common.fullname" . }}
internalPort: 15672
externalPort: 15672
web:
- type: NodePort
+ type: ClusterIP
portName: web
internalPort: 8052
externalPort: 8052
- nodePort: 78
rabbitmq:
type: ClusterIP
http:
{{/*
# Copyright (C) 2021 Pantheon.tech
# Modifications Copyright (C) 2020 Bell Canada.
-# Modifications Copyright (C) 2021 Nordix Foundation.
+# Modifications Copyright (C) 2021-2022 Nordix Foundation.
# Modifications Copyright (C) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
password: ${DB_PASSWORD}
driverClassName: org.postgresql.Driver
initialization-mode: always
-
liquibase:
change-log: classpath:changelog/changelog-master.yaml
labels: {{ .Values.config.liquibaseLabels }}
+ kafka:
+ producer:
+ client-id: cps-core
+
security:
- # comma-separated uri patterns which do not require authorization
- permit-uri: /manage/**,/swagger-ui/**,/swagger-resources/**,/api-docs
- auth:
- username: ${CPS_USERNAME}
- password: ${CPS_PASSWORD}
+ # comma-separated uri patterns which do not require authorization
+ permit-uri: /manage/**,/swagger-ui/**,/swagger-resources/**,/api-docs
+ auth:
+ username: ${CPS_USERNAME}
+ password: ${CPS_PASSWORD}
+
logging:
level:
org:
username: ${DMI_USERNAME}
password: ${DMI_PASSWORD}
-{{- if .Values.config.eventPublisher }}
+{{- if .Values.config.useStrimziKafka }}
+spring.kafka.bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
+spring.kafka.security.protocol: SASL_PLAINTEXT
+spring.kafka.properties.sasl.mechanism: SCRAM-SHA-512
+spring.kafka.properties.sasl.jaas.config: ${JAASLOGIN}
+{{ else }}
{{ toYaml .Values.config.eventPublisher | nindent 2 }}
{{- end }}
{{- if .Values.config.additional }}
{{ toYaml .Values.config.additional | nindent 2 }}
{{- end }}
+
# Last empty line is required otherwise the last property will be missing from application.yml file in the pod.
{{/*
# Copyright (C) 2021 Pantheon.tech, Orange
# Modifications Copyright (C) 2021 Bell Canada.
-# Modifications Copyright (C) 2021 Nordix Foundation.
+# Modifications Copyright (C) 2021-2022 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmi-plugin-user-creds" "key" "login") | indent 12 }}
- name: DMI_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmi-plugin-user-creds" "key" "password") | indent 12 }}
-
+ {{- if .Values.config.useStrimziKafka }}
+ - name: JAASLOGIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-kafka-user" "key" "sasl.jaas.config") | indent 12 }}
+ {{- end }}
volumeMounts:
- mountPath: /config-input
name: init-data-input
# Copyright (C) 2021 Pantheon.tech, Orange, Bell Canada.
# Modifications Copyright (C) 2022 Bell Canada
+# Modifications Copyright © 2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
login: '{{ .Values.config.dmiPluginUserName }}'
password: '{{ .Values.config.dmiPluginUserPassword }}'
passwordPolicy: generate
+ - uid: cps-kafka-user
+ externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
+ type: genericKV
+ envs:
+ - name: sasl.jaas.config
+ value: '{{ .Values.config.someConfig }}'
+ policy: generate
#################################################################
# Global configuration defaults.
container:
name: postgres
-image: onap/cps-and-ncmp:3.0.0
+image: onap/cps-and-ncmp:3.0.1
containerPort: &svc_port 8080
managementPort: &mgt_port 8081
#appUserPassword:
dmiPluginUserName: dmiuser
# Any new property can be added in the env by setting in overrides in the format mentioned below
-# All the added properties must be in "key: value" format insead of yaml.
+# All the added properties must be in "key: value" format instead of yaml.
# additional:
# spring.config.max-size: 200
# spring.config.min-size: 10
- eventPublisher:
- spring.kafka.bootstrap-servers: message-router-kafka:9092
- spring.kafka.security.protocol: SASL_PLAINTEXT
- spring.kafka.properties.sasl.mechanism: PLAIN
- spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username=admin password=admin_secret;
- spring.kafka.producer.client-id: cps-core
+# kafka config
+ useStrimziKafka: true
+ kafkaBootstrap: strimzi-kafka-bootstrap
+# If targeting a custom kafka cluster, ie useStrimziKakfa: false
+# uncomment below config and target your kafka bootstrap servers,
+# along with any other security config.
+
+# eventPublisher:
+# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
+# spring.kafka.security.protocol: SASL_PLAINTEXT
+# spring.kafka.properties.sasl.mechanism: PLAIN
+# spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username=admin password=admin_secret;
additional:
notification.data-updated.enabled: true
{{/*
# ============LICENSE_START=======================================================
# Copyright (c) 2021 Bell Canada.
+# Modifications Copyright © 2022 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
username: ${DB_USERNAME}
password: ${DB_PASSWORD}
-security:
- auth:
- username: ${APP_USERNAME}
- password: ${APP_PASSWORD}
+ kafka:
+ consumer:
+ group-id: {{ .Values.config.kafka.consumer.groupId }}
+
+app:
+ listener:
+ data-updated:
+ topic: {{ .Values.config.app.listener.dataUpdatedTopic }}
-# Event consumption properties (kafka)
-{{- if .Values.config.eventConsumption }}
-{{ toYaml .Values.config.eventConsumption | nindent 2 }}
+{{- if .Values.config.useStrimziKafka }}
+spring.kafka.bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
+spring.kafka.security.protocol: SASL_PLAINTEXT
+spring.kafka.properties.sasl.mechanism: SCRAM-SHA-512
+spring.kafka.properties.sasl.jaas.config: ${JAASLOGIN}
+{{ else }}
+{{ toYaml .Values.config.eventPublisher | nindent 2 }}
{{- end }}
-# Additional properties
{{- if .Values.config.additional }}
{{ toYaml .Values.config.additional | nindent 2 }}
{{- end }}
+security:
+ auth:
+ username: ${APP_USERNAME}
+ password: ${APP_PASSWORD}
+
# Last empty line is required otherwise the last property will be missing from application.yml file in the pod.
{{/*
# ============LICENSE_START=======================================================
# Copyright (c) 2021 Bell Canada.
+# Modifications Copyright © 2022 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "login") | indent 12 }}
- name: APP_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "password") | indent 12 }}
+ {{- if .Values.config.useStrimziKafka }}
+ - name: JAASLOGIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-kafka-user" "key" "sasl.jaas.config") | indent 12 }}
+ {{- end }}
volumeMounts:
- mountPath: /config-input
name: init-data-input
# ============LICENSE_START=======================================================
# Copyright (c) 2021 Bell Canada.
+# Modifications Copyright © 2022 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
login: '{{ .Values.config.appUserName }}'
password: '{{ .Values.config.appUserPassword }}'
passwordPolicy: generate
+ - uid: cps-kafka-user
+ externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
+ type: genericKV
+ envs:
+ - name: sasl.jaas.config
+ value: '{{ .Values.config.someConfig }}'
+ policy: generate
image: onap/cps-temporal:1.1.0
containerPort: &svc_port 8080
profile: helm
#appUserPassword:
- # Event consumption (kafka) properties
- # All Kafka properties must be in "key: value" format instead of yaml.
- eventConsumption:
- spring.kafka.bootstrap-servers: message-router-kafka:9092
- spring.kafka.security.protocol: PLAINTEXT
- spring.kafka.consumer.group-id: cps-temporal-group
- app.listener.data-updated.topic: cps.data-updated-events
+# Event consumption (kafka) properties
+ useStrimziKafka: true
+ kafkaBootstrap: strimzi-kafka-bootstrap
+ kafka:
+ consumer:
+ groupId: cps-temporal-group
+ app:
+ listener:
+ dataUpdatedTopic: cps.data-updated-events
+# If targeting a custom kafka cluster, ie useStrimziKakfa: false
+# uncomment below config and target your kafka bootstrap servers,
+# along with any other security config.
+
+# eventConsumption:
+# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
+# spring.kafka.security.protocol: PLAINTEXT
+# spring.kafka.consumer.group-id: cps-temporal-group
# Any new property can be added in the env by setting in overrides in the format mentioned below
# All the added properties must be in "key: value" format instead of yaml.
--- /dev/null
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.config.useStrimziKafka }}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+ name: {{ .Values.config.dataUpdatedTopic.name }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ partitions: {{ .Values.config.dataUpdatedTopic.partitions }}
+ config:
+ retention.ms: {{ .Values.config.dataUpdatedTopic.retentionMs }}
+ segment.bytes: {{ .Values.config.dataUpdatedTopic.segmentBytes }}
+{{- end }}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.config.useStrimziKafka }}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+ name: {{ include "common.release" . }}-{{ .Values.global.cpsKafkaUser }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ authentication:
+ type: scram-sha-512
+ authorization:
+ type: simple
+ acls:
+ - resource:
+ type: group
+ name: {{ .Values.config.dataUpdatedTopic.consumer.groupId }}
+ operation: Read
+ - resource:
+ type: topic
+ name: {{ .Values.config.dataUpdatedTopic.name }}
+ operation: Read
+ - resource:
+ type: topic
+ name: {{ .Values.config.dataUpdatedTopic.name }}
+ operation: Write
+{{- end }}
\ No newline at end of file
# Copyright (C) 2021 Bell Canada
+# Modifications Copyright © 2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
virtualhost:
baseurl: "simpledemo.onap.org"
+ kafkaBootstrap: strimzi-kafka-bootstrap
+ cpsKafkaUser: cps-kafka-user
+
config:
coreUserName: cpsuser
dmiPluginUserName: dmiuser
+ useStrimziKafka: true
+ dataUpdatedTopic:
+ name: cps.data-updated-events
+ partitions: 10
+ retentionMs: 7200000
+ segmentBytes: 1073741824
+ consumer:
+ groupId: cps-temporal-group
# Enable all CPS components by default
cps-core:
config:
appUserExternalSecret: *core-creds-secret
dmiPluginUserExternalSecret: *dmi-plugin-creds-secret
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.cpsKafkaUser }}'
cps-temporal:
enabled: true
+ config:
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.cpsKafkaUser }}'
ncmp-dmi-plugin:
enabled: true
- name: common
version: ~10.x-0
repository: '@local'
- - name: dcae-bbs-eventprocessor-ms
- version: ~10.x-0
- repository: '@local'
- condition: dcae-bbs-eventprocessor-ms.enabled
- name: dcae-datafile-collector
version: ~10.x-0
repository: '@local'
+++ /dev/null
-# ================================ LICENSE_START =============================
-# ============================================================================
-# Copyright (c) 2021 AT&T Intellectual Property
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-# ============================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ================================= LICENSE_END ==============================
-
-apiVersion: v2
-appVersion: "Jakarta"
-description: DCAE BBS-EventProcessor Microservice
-name: dcae-bbs-eventprocessor-ms
-version: 10.0.0
-
-dependencies:
- - name: common
- version: ~10.x-0
- repository: '@local'
- - name: readinessCheck
- version: ~10.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~10.x-0
- repository: '@local'
- - name: dcaegen2-services-common
- version: ~10.x-0
- repository: '@local'
- - name: serviceAccount
- version: ~10.x-0
- repository: '@local'
+++ /dev/null
-{{/*
-################################################################################
-# Copyright (c) 2021 AT&T Intellectual Property #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); #
-# you may not use this file except in compliance with the License. #
-# You may obtain a copy of the License at #
-# #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, #
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-################################################################################
-*/}}
-
-{{ include "dcaegen2-services-common.configMap" . }}
\ No newline at end of file
+++ /dev/null
-{{/*
-################################################################################
-# Copyright (c) 2021 AT&T Intellectual Property #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); #
-# you may not use this file except in compliance with the License. #
-# You may obtain a copy of the License at #
-# #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, #
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-################################################################################
-*/}}
-
-{{ include "dcaegen2-services-common.microserviceDeployment" . }}
\ No newline at end of file
+++ /dev/null
-{{/*
-################################################################################
-# Copyright (c) 2021 AT&T Intellectual Property #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); #
-# you may not use this file except in compliance with the License. #
-# You may obtain a copy of the License at #
-# #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, #
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-################################################################################
-*/}}
-
-{{ include "common.secretFast" . }}
\ No newline at end of file
+++ /dev/null
-{{/*
-################################################################################
-# Copyright (c) 2021 AT&T Intellectual Property #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); #
-# you may not use this file except in compliance with the License. #
-# You may obtain a copy of the License at #
-# #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, #
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-################################################################################
-*/}}
-
-{{ include "common.service" . }}
\ No newline at end of file
+++ /dev/null
-# ================================ LICENSE_START =============================
-# ============================================================================
-# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
-# ============================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ================================= LICENSE_END ==============================
-
-#################################################################
-# Global Configuration Defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- nodePortPrefixExt: 304
- centralizedLoggingEnabled: true
-
-#################################################################
-# Filebeat Configuration Defaults.
-#################################################################
-filebeatConfig:
- logstashServiceName: log-ls
- logstashPort: 5044
-
-#################################################################
-# Secrets Configuration.
-#################################################################
-secrets:
- - uid: &aafCredsUID aafcreds
- type: basicAuth
- login: '{{ .Values.aafCreds.identity }}'
- password: '{{ .Values.aafCreds.password }}'
- passwordPolicy: required
- - uid: &aaiCredsUID aaicreds
- type: basicAuth
- login: '{{ .Values.aaiCreds.username }}'
- password: '{{ .Values.aaiCreds.password }}'
- passwordPolicy: required
-
-
-#################################################################
-# InitContainer Images.
-#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
-
-#################################################################
-# Application Configuration Defaults.
-#################################################################
-# Application Image
-image: onap/org.onap.dcaegen2.services.components.bbs-event-processor:2.1.1
-pullPolicy: Always
-
-# Log directory where logging sidecar should look for log files
-# if path is set to null sidecar won't be deployed in spite of
-# global.centralizedLoggingEnabled setting.
-log:
- path: /opt/app/bbs-event-processor/logs
-logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
-
-# Directory where TLS certs should be stored
-# if absent, no certs will be retrieved and stored
-certDirectory: /opt/app/bbs-event-processor/etc/cert/
-
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-tlsServer: true
-
-# Dependencies
-readinessCheck:
- wait_for:
- - dcae-config-binding-service
- - aaf-cm
-
-# Probe Configuration
-readiness:
- initialDelaySeconds: 120
- periodSeconds: 180
- timeoutSeconds: 5
- path: /heartbeat
- scheme: HTTP
- port: 8100
-
-
-# Service Configuration
-service:
- type: ClusterIP
- name: dcae-bbs-eventprocessor
- ports:
- - name: https
- port: 8100
- port_protocol: http
-
-# AAF Credentials
-aafCreds:
- identity: dcae@dcae.onap.org
- password: demo123456!
-
-# AAI Credentials
-aaiCreds:
- username: AAI
- password: AAI
-
-credentials:
-- name: AAF_USERNAME
- uid: *aafCredsUID
- key: login
-- name: AAF_PASSWORD
- uid: *aafCredsUID
- key: password
-- name: AAI_USERNAME
- uid: *aaiCredsUID
- key: login
-- name: AAI_PASSWORD
- uid: *aaiCredsUID
- key: password
-
-
-# Initial Application Configuration
-applicationConfig:
- streams_subscribes:
- pnf_reregistration:
- type: message_router
- aaf_username: ${AAF_USERNAME}
- aaf_password: ${AAF_PASSWORD}
- dmaap_info:
- topic_url: https:message-router:3905/events/unauthenticated.PNF_UPDATE
- cpe_authentication:
- type: message_router
- aaf_username: ${AAF_USERNAME}
- aaf_password: ${AAF_PASSWORD}
- dmaap_info:
- topic_url: https:message-router:3905/events/unauthenticated.CPE_AUTHENTICATION
- streams_publishes:
- close_loop:
- type: message_router
- aaf_username: ${AAF_USERNAME}
- aaf_password: ${AAF_PASSWORD}
- dmaap_info:
- topic_url: https:message-router:3905/events/unauthenticated.DCAE_CL_OUTPUT
- dmaap.protocol: https
- dmaap.contentType: application/json
- dmaap.consumer.consumerId: c12
- dmaap.consumer.consumerGroup: OpenDcae-c12
- dmaap.messageLimit: -1
- dmaap.timeoutMs: -1
- aai.host: aai.onap
- aai.port: 8443
- aai.protocol: https
- aai.username: ${AAI_USERNAME}
- aai.password: ${AAF_PASSWORD}
- aai.aaiIgnoreSslCertificateErrors: true
- application.pipelinesPollingIntervalSec: 25
- application.pipelinesTimeoutSec: 15
- application.cbsPollingIntervalSec: 120
- application.policyVersion: 1.0.0.5
- application.clTargetType: VM
- application.clEventStatus: ONSET
- application.clVersion: 1.0.2
- application.clTarget: vserver.vserver-name
- application.clOriginator: DCAE-BBS-ep
- application.reregistration.policyScope: policyScopeReReg
- application.reregistration.clControlName: clControlNameReReg
- application.cpe.authentication.policyScope: policyScopeCpeAuth
- application.cpe.authentication.clControlName: clControlNameCpeAuth
- application.reregistration.configKey: pnf_reregistration
- application.cpeAuth.configKey: cpe_authentication
- application.closeLoop.configKey: close_loop
- application.loggingLevel: INFO
- application.ssl.keyStorePath: "/opt/app/bbs-event-processor/etc/cert/cert.jks"
- application.ssl.keyStorePasswordPath: "/opt/app/bbs-event-processor/etc/cert/jks.pass"
- application.ssl.trustStorePath: "/opt/app/bbs-event-processor/etc/cert/trust.jks"
- application.ssl.trustStorePasswordPath: "/opt/app/bbs-event-processor/etc/cert/trust.pass"
- application.ssl.enableAaiCertAuth: true
- application.ssl.enableDmaapCertAuth: true
-
-# Resource Limit Flavor -By Default Using Small
-flavor: small
-
-# Segregation for Different Environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 1Gi
- requests:
- cpu: 1
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 2Gi
- requests:
- cpu: 2
- memory: 2Gi
- unlimited: {}
-
-#Pods Service Account
-serviceAccount:
- nameOverride: dcae-bbs-eventprocessor-ms
- roles:
- - read
cid: kpi-cid
streams_subscribes:
performance_management_topic:
- aafUsername: ${AAF_IDENTITY}
- aafPassword: ${AAF_PASSWORD}
type: message-router
dmaap_info:
topic_url: http://message-router:3904/events/unauthenticated.PERFORMANCE_MEASUREMENTS
streams_publishes:
kpi_topic:
- aafUsername: ${AAF_IDENTITY}
- aafPassword: ${AAF_PASSWORD}
type: message-router
dmaap_info:
topic_url: http://message-router:3904/events/unauthenticated.DCAE_KPI_OUTPUT
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.pmsh:2.0.0
+image: onap/org.onap.dcaegen2.services.pmsh:2.2.2
pullPolicy: Always
# Log directory where logging sidecar should look for log files
# ============================================================================
# Copyright (C) 2021-2022 Wipro Limited.
# Copyright (c) 2022 J. F. Lucas. All rights reserved.
+# Copyright (C) 2022 Huawei Canada Limited.
# ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.components.slice-analysis-ms:1.0.7
+image: onap/org.onap.dcaegen2.services.components.slice-analysis-ms:1.1.1
# Log directory where logging sidecar should look for log files
# if path is set to null sidecar won't be deployed in spite of
sliceanalysisms.rannfnssiDetailsTemplateId: get-rannfnssiid-details
sliceanalysisms.desUrl: http://dl-des:1681/datalake/v1/exposure/pm_data
sliceanalysisms.pmDataDurationInWeeks: 4
+ sliceanalysisms.vesNotifPollingInterval: 15
+ sliceanalysisms.vesNotifChangeIdentifier: PM_BW_UPDATE
+ sliceanalysisms.vesNotifChangeType: BandwidthChanged
+ sliceanalysisms.aaiNotif.targetAction: UPDATE
+ sliceanalysisms.aaiNotif.targetSource: UUI
+ sliceanalysisms.aaiNotif.targetEntity: service-instance
+ sliceanalysisms.ccvpnEvalInterval: 15
+ sliceanalysisms.ccvpnEvalThreshold: 0.8
+ sliceanalysisms.ccvpnEvalPrecision: 100.0
+ sliceanalysisms.ccvpnEvalPeriodicCheckOn: true
+ sliceanalysisms.ccvpnEvalOnDemandCheckOn: true
streams_publishes:
CL_topic:
type: message-router
- aaf_username: ${AAF_IDENTITY}
- aaf_password: ${AAF_PASSWORD}
dmaap_info:
topic_url: http://message-router:3904/events/unauthenticated.DCAE_CL_OUTPUT
streams_subscribes:
performance_management_topic:
type: message-router
- aaf_username: ${AAF_IDENTITY}
- aaf_password: ${AAF_PASSWORD}
dmaap_info:
topic_url: http://message-router:3904/events/unauthenticated.PERFORMANCE_MEASUREMENTS
intelligent_slicing_topic:
type: message-router
- aaf_username: ${AAF_IDENTITY}
- aaf_password: ${AAF_PASSWORD}
dmaap_info:
topic_url: http://message-router:3904/events/unauthenticated.ML_RESPONSE_TOPIC
dcae_cl_response_topic:
type: message-router
- aaf_username: ${AAF_IDENTITY}
- aaf_password: ${AAF_PASSWORD}
dmaap_info:
topic_url: http://message-router:3904/events/DCAE_CL_RSP
+ ves_ccvpn_notification_topic:
+ type: message-router
+ dmaap_info:
+ topic_url: http://message-router:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT
+ aai_subscriber:
+ type: message-router
+ servers : ["message-router:3904"]
+ consumer_group: dcae_ccvpn_cl
+ consumer_instance: dcae_ccvpn_cl_aaievent
+ fetch_timeout: 15000
+ fetch_limit: 100
+ dmaap_info:
+ topic_url: http://message-router:3904/events/AAI-EVENT
applicationEnv:
STANDALONE: 'false'
streams_publishes:
CL_topic:
type: message-router
- aaf_username: ${AAF_IDENTITY}
- aaf_password: ${AAF_PASSWORD}
dmaap_info:
topic_url: http://message-router:3904/events/unauthenticated.DCAE_CL_OUTPUT
streams_subscribes:
performance_management_topic:
type: message-router
- aaf_username: ${AAF_IDENTITY}
- aaf_password: ${AAF_PASSWORD}
dmaap_info:
topic_url: http://message-router:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT
fault_management_topic:
type: message-router
- aaf_username: ${AAF_IDENTITY}
- aaf_password: ${AAF_PASSWORD}
dmaap_info:
topic_url: http://message-router:3904/events/unauthenticated.SEC_FAULT_OUTPUT
nbr_list_change_topic:
type: message-router
- aaf_username: ${AAF_IDENTITY}
- aaf_password: ${AAF_PASSWORD}
dmaap_info:
topic_url: http://message-router:3904/events/PCI-NOTIF-TOPIC-NGHBR-LIST-CHANGE-INFO
dcae_cl_response_topic:
type: message-router
- aaf_username: ${AAF_IDENTITY}
- aaf_password: ${AAF_PASSWORD}
dmaap_info:
topic_url: http://message-router:3904/events/DCAE_CL_RSP
service_calls:
# Control deployment of DCAE microservices at ONAP installation time
dcae-ves-openapi-manager:
enabled: true
-dcae-bbs-eventprocessor-ms:
- enabled: false
- logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services'
dcae-datafile-collector:
enabled: false
logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services'
logging:
# The default level of all loggers. Can be OFF, ERROR, WARN, INFO, DEBUG, TRACE, or ALL.
- level: ALL
+ level: INFO
# Logger-specific levels.
loggers:
appenders:
- type: console
- threshold: ALL
+ threshold: INFO
timeZone: UTC
logFormat: "%d{yyyy-MM-dd HH:mm:ss SSS} %-5p [%c][%t] invocationID:{InvocationID} - %m%n"
- type: file
archivedLogFilenamePattern: /var/log/ONAP/holmes/zip/engine-d-error-%d{yyyy-MM-dd}.log.gz
archivedFileCount: 7
- type: file
- threshold: DEBUG
+ threshold: INFO
logFormat: "%d{yyyy-MM-dd HH:mm:ss SSS} %-5p [%c][%t] invocationID:{InvocationID} - %m%n"
currentLogFilename: /var/log/ONAP/holmes/engine-d-debug.log
archivedLogFilenamePattern: /var/log/ONAP/holmes/zip/engine-d-debug-%d{yyyy-MM-dd}.log.gz
# Application configuration defaults.
#################################################################
# application image
-image: onap/holmes/engine-management:10.0.2
+image: onap/holmes/engine-management:10.0.3
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
#################################################################
logging:
# The default level of all loggers. Can be OFF, ERROR, WARN, INFO, DEBUG, TRACE, or ALL.
- level: ALL
+ level: INFO
# Logger-specific levels.
loggers:
appenders:
- type: console
- threshold: ALL
+ threshold: INFO
timeZone: UTC
logFormat: "%d{yyyy-MM-dd HH:mm:ss SSS} %-5p [%c][%t] invocationID:{InvocationID} - %m%n"
- type: file
archivedLogFilenamePattern: /var/log/ONAP/holmes/zip/rulemgt-relation-error-%d{yyyy-MM-dd}.log.gz
archivedFileCount: 7
- type: file
- threshold: DEBUG
+ threshold: INFO
logFormat: "%d{yyyy-MM-dd HH:mm:ss SSS} %-5p [%c][%t] invocationID:{InvocationID} - %m%n"
currentLogFilename: /var/log/ONAP/holmes/rulemgt-relation-debug.log
archivedLogFilenamePattern: /var/log/ONAP/holmes/zip/rulemgt-relation-debug-%d{yyyy-MM-dd}.log.gz
# Application configuration defaults.
#################################################################
# application image
-image: onap/holmes/rule-management:10.0.2
+image: onap/holmes/rule-management:10.0.3
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
#################################################################
# application image
flavor: small
-image: onap/modeling/etsicatalog:1.0.13
+image: onap/modeling/etsicatalog:1.0.14
pullPolicy: Always
#Istio sidecar injection policy
# Application configuration defaults.
#################################################################
# application image
-image: onap/multicloud/k8s:0.10.0
+image: onap/multicloud/k8s:0.10.1
pullPolicy: Always
# flag to enable debugging - application support required
loggingImage: beats/filebeat:5.5.0
# mariadb client image
- mariadbImage: bitnami/mariadb:10.6.5-debian-10-r28
+ mariadbImage: bitnami/mariadb:10.5.8
# nginx server image
nginxImage: bitnami/nginx:1.21.4
global: # global defaults
nodePortPrefix: 302
image:
- optf_has: onap/optf-has:2.2.1
+ optf_has: onap/optf-has:2.3.0
#################################################################
# secrets metaconfig
global:
image:
- optf_has: onap/optf-has:2.2.1
+ optf_has: onap/optf-has:2.3.0
#################################################################
# Secrets metaconfig
global:
image:
- optf_has: onap/optf-has:2.2.1
+ optf_has: onap/optf-has:2.3.0
#################################################################
# secrets metaconfig
global:
image:
- optf_has: onap/optf-has:2.2.1
+ optf_has: onap/optf-has:2.3.0
#################################################################
# secrets metaconfig
global:
image:
- optf_has: onap/optf-has:2.2.1
+ optf_has: onap/optf-has:2.3.0
#################################################################
# secrets metaconfig
#password =
get_ta_list_url = "/api/v1/execute/ran-coverage-area/get_ta_list"
+
+[dcae]
+
+#
+# From conductor
+#
+#
+# Data Store table prefix. (string value)
+#table_prefix = dcae
+
+# Base URL for DCAE, up to and not including the version, and without a
+# trailing slash. (string value)
+server_url = https://{{.Values.config.dcae.service}}.{{ include "common.namespace" . }}:{{.Values.config.dcae.port}}
+
+# Timeout for DCAE Rest Call (string value)
+#dcae_rest_timeout = 30
+
+# Number of retry for DCAE Rest Call (string value)
+#dcae_retries = 3
+
+# The version of A&AI in v# format. (string value)
+server_url_version = v1
+
+# SSL/TLS certificate file in pem format. This certificate must be registered
+# with the SDC endpoint. (string value)
+#certificate_file = certificate.pem
+certificate_file =
+
+# Private Certificate Key file in pem format. (string value)
+#certificate_key_file = certificate_key.pem
+certificate_key_file =
+
+# Certificate Authority Bundle file in pem format. Must contain the appropriate
+# trust chain for the Certificate file. (string value)
+#certificate_authority_bundle_file = certificate_authority_bundle.pem
+certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer
+
+# Username for DCAE. (string value)
+#username =
+
+# Password for DCAE. (string value)
+#password =
+
+get_slice_config_url = "/api/v1/slices-config"
\ No newline at end of file
global:
commonConfigPrefix: onap-oof-has
image:
- optf_has: onap/optf-has:2.2.1
+ optf_has: onap/optf-has:2.3.0
persistence:
enabled: true
cps:
service: cps-tbdmt
port: 8080
+ dcae:
+ service: dcae-slice-analysis-ms
+ port: 8080
etcd:
serviceName: &etcd-service oof-has-etcd
port: 2379
- "service-instance*('service-instance-id','{{ printf "{{instance_id}}" }}')('workload-context', 'AN') > service-instance*('service-role','nsi')"
- "service-instance*('service-instance-id','{{ printf "{{instance_id}}" }}')('workload-context', 'AN_NF') > service-instance*('workload-context','AN')"
- "service-instance*('service-instance-id','{{ printf "{{instance_id}}" }}')('workload-context', 'TN_MH') > service-instance*('workload-context','AN')"
+ - "service-instance*('service-instance-id','{{ printf "{{instance_id}}" }}')('workload-context', 'TN_FH') > service-instance*('workload-context','AN')"
- "service-instance*('service-instance-id','{{ printf "{{instance_id}}" }}')('workload-context', 'AN_NF') > service-instance*('workload-context','AN')"
- name: serviceAccount
version: ~10.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~10.x-0
+ repository: '@local'
+ - name: postgres
+ version: ~10.x-0
+ repository: '@local'
+ condition: global.postgres.localCluster
# ============LICENSE_END=========================================================
*/}}
-{{- if .Values.prometheus.enabled }}
+{{- if .Values.global.prometheusEnabled }}
{{ include "common.serviceMonitor" . }}
-{{- end }}
\ No newline at end of file
+{{- end }}
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-apex-pdp:2.7.1
+image: onap/policy-apex-pdp:2.7.2
pullPolicy: Always
# flag to enable debugging - application support required
roles:
- read
-prometheus:
- enabled: true
-
metrics:
serviceMonitor:
# Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
driverClassName: org.mariadb.jdbc.Driver
username: "${SQL_USER}"
password: "${SQL_PASSWORD}"
+ hikari:
+ maximumPoolSize: 20
jpa:
properties:
hibernate:
# ============LICENSE_END=========================================================
*/}}
-{{- if .Values.prometheus.enabled }}
+{{- if .Values.global.prometheusEnabled }}
{{ include "common.serviceMonitor" . }}
-{{- end }}
\ No newline at end of file
+{{- end }}
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-api:2.6.1
+image: onap/policy-api:2.6.2
pullPolicy: Always
# flag to enable debugging - application support required
roles:
- read
-prometheus:
- enabled: true
-
metrics:
serviceMonitor:
# Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-ac-http-ppnt:6.2.1
+image: onap/policy-clamp-ac-http-ppnt:6.2.2
pullPolicy: Always
# application configuration
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-ac-k8s-ppnt:6.2.1
+image: onap/policy-clamp-ac-k8s-ppnt:6.2.2
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-ac-pf-ppnt:6.2.1
+image: onap/policy-clamp-ac-pf-ppnt:6.2.2
pullPolicy: Always
# flag to enable debugging - application support required
flavor: small
# application image
-image: onap/policy-clamp-backend:6.2.1
+image: onap/policy-clamp-backend:6.2.2
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-runtime-acm:6.2.1
+image: onap/policy-clamp-runtime-acm:6.2.2
pullPolicy: Always
# flag to enable debugging - application support required
# ============LICENSE_END=========================================================
*/}}
-{{- if .Values.prometheus.enabled }}
+{{- if .Values.global.prometheusEnabled }}
{{ include "common.serviceMonitor" . }}
-{{- end }}
\ No newline at end of file
+{{- end }}
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-distribution:2.7.1
+image: onap/policy-distribution:2.7.2
pullPolicy: Always
# flag to enable debugging - application support required
roles:
- read
-prometheus:
- enabled: true
-
metrics:
serviceMonitor:
# Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
{{/*
# Copyright © 2017-2018 Amdocs, Bell Canada.
-# Modifications Copyright (C) 2018-2020 AT&T Intellectual Property.
+# Modifications Copyright (C) 2018-2020, 2022 AT&T Intellectual Property.
# Modifications Copyright (C) 2021 Bell Canada. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
SQL_HOST={{ .Values.db.name }}
SQL_PORT=3306
+# Liveness
+LIVENESS_CONTROLLERS=*
+
# AAF
AAF={{.Values.aaf.enabled}}
<!--
============LICENSE_START=======================================================
Copyright (C) 2020 Bell Canada. All rights reserved.
- Modifications Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
+ Modifications Copyright (C) 2021-2022 AT&T Intellectual Property. All rights reserved.
================================================================================
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
<appender-ref ref="AsyncStdOut" />
</logger>
+ <appender name="PromLogback" class="io.prometheus.client.logback.InstrumentedAppender"/>
+
<root level="INFO">
<appender-ref ref="AsyncDebugOut" />
<appender-ref ref="AsyncErrorOut" />
<appender-ref ref="AsyncStdOut" />
<appender-ref ref="AsyncMetricStdOut" />
<appender-ref ref="AsyncTransactionStdOut" />
+ <appender-ref ref="PromLogback" />
</root>
</configuration>
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2022 AT&T Intellectual Property
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{- if .Values.global.prometheusEnabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }}
{{/*
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2020 AT&T Intellectual Property
+# Modifications Copyright © 2018-2020, 2022 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- containerPort: {{ .Values.service.externalPort2 }}
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
- tcpSocket:
- port: {{ .Values.service.externalPort }}
+ httpGet:
+ path: /healthcheck/controllers
+ port: 6968
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
{{- end }}
readinessProbe:
tcpSocket:
# Copyright © 2017 Amdocs
# Copyright © 2017, 2021 Bell Canada
-# Modifications Copyright © 2018-2021 AT&T Intellectual Property
+# Modifications Copyright © 2018-2022 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
login: '{{ .Values.db.user }}'
password: '{{ .Values.db.password }}'
passwordPolicy: required
+ - uid: telemetry-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.telemetry.credsExternalSecret) . }}'
+ login: '{{ .Values.telemetry.user }}'
+ password: '{{ .Values.telemetry.password }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-pdpd-cl:1.10.1
+image: onap/policy-pdpd-cl:1.10.2
pullPolicy: Always
# flag to enable debugging - application support required
# probe configuration parameters
liveness:
initialDelaySeconds: 180
- periodSeconds: 10
+ periodSeconds: 60
+ timeoutSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
nameOverride: policy-drools-pdp
roles:
- read
+
+metrics:
+ serviceMonitor:
+ # Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
+ # The default operator for prometheus enforces the below label.
+ labels:
+ release: prometheus
+ enabled: true
+ port: policy-drools-pdp-9696
+ interval: 60s
+ isHttps: true
+ basicAuth:
+ enabled: true
+ externalSecretNameSuffix: policy-drools-pdp-telemetry-creds
+ externalSecretUserKey: login
+ externalSecretPasswordKey: password
+ selector:
+ app: '{{ include "common.name" . }}'
+ chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+ release: '{{ include "common.release" . }}'
+ heritage: '{{ .Release.Service }}'
+++ /dev/null
-server {
-
- listen 2443 default ssl;
- ssl_protocols TLSv1.2;
- {{ if .Values.global.aafEnabled }}
- ssl_certificate {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_pem}};
- ssl_certificate_key {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_key}};
- {{ else }}
- ssl_certificate /etc/ssl/clamp.pem;
- ssl_certificate_key /etc/ssl/clamp.key;
- {{ end }}
-
- ssl_verify_client optional_no_ca;
- absolute_redirect off;
-
- location / {
- root /usr/share/nginx/html;
- index index.html index.htm;
- try_files $uri $uri/ =404;
- }
-
- location /clamp/restservices/clds/ {
- proxy_pass https://policy-clamp-be:8443/restservices/clds/;
- proxy_set_header X-SSL-Cert $ssl_client_escaped_cert;
- }
-
- location = /50x.html {
- root /var/lib/nginx/html;
- }
- error_page 500 502 503 504 /50x.html;
- error_log /var/log/nginx/error.log warn;
-}
{{/*
# ============LICENSE_START=======================================================
-# Copyright (C) 2021 Nordix Foundation.
+# Copyright (C) 2021-2022 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{- if .Values.global.aafEnabled }}
+ command: ["sh","-c"]
+ args: ["source {{ .Values.certInitializer.credsPath }}/.ci;/opt/app/policy/gui/bin/policy-gui.sh"]
+ env:
+{{- else }}
+ command: ["/opt/app/policy/gui/bin/policy-gui.sh"]
+ env:
+ - name: KEYSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+{{- end }}
+ - name: CLAMP_URL
+ value: https://policy-clamp-be:8443
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- name: logs
mountPath: {{ .Values.log.path }}
- - mountPath: /etc/nginx/conf.d/default.conf
- name: {{ include "common.fullname" . }}-config
- subPath: default.conf
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}
- items:
- - key: default.conf
- path: default.conf
- name: logs
emptyDir: {}
{{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }}
# ============LICENSE_START=======================================================
-# Copyright (C) 2021 Nordix Foundation.
+# Copyright (C) 2021-2022 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#AAF service
aafEnabled: true
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
+
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
+
#################################################################
# AAF part
#################################################################
certInitializer:
- permission_user: 1000
- permission_group: 999
- addconfig: true
- keystoreFile: "org.onap.clamp.p12"
- truststoreFile: "org.onap.clamp.trust.jks"
- keyFile: "org.onap.clamp.keyfile"
- truststoreFileONAP: "truststoreONAPall.jks"
- clamp_key: "clamp.key"
- clamp_pem: "clamp.pem"
- clamp_ca_certs_pem: "clamp-ca-certs.pem"
nameOverride: policy-gui-cert-initializer
aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: clamp
- fqi: clamp@clamp.onap.org
- public_fqdn: clamp.onap.org
- cadi_longitude: "0.0"
+ fqdn: policy
+ fqi: policy@policy.onap.org
+ public_fqdn: policy.onap.org
cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
+ cadi_longitude: "0.0"
credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ uid: 100
+ gid: 101
aaf_add_config: >
- cd {{ .Values.credsPath }};
- openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
- openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
- openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
- chmod a+rx *;
+ echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
+ echo "export TRUSTSTORE='{{ .Values.credsPath }}/org.onap.policy.trust.jks'" >> {{ .Values.credsPath }}/.ci;
+ echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+ echo "export TRUSTSTORE_PASSWD='${cadi_truststore_password}'" >> {{ .Values.credsPath }}/.ci;
+ chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
subChartsOnly:
enabled: true
flavor: small
# application image
-image: onap/policy-gui:2.2.0
+image: onap/policy-gui:2.2.2
pullPolicy: Always
# flag to enable debugging - application support required
# log configuration
log:
- path: /var/log/nginx/
+ path: /var/log/onap/policy/gui
#################################################################
# Application configuration defaults.
driverClassName: org.mariadb.jdbc.Driver
username: "${SQL_USER}"
password: "${SQL_PASSWORD}"
+ hikari:
+ maximumPoolSize: 20
jpa:
properties:
hibernate:
# ============LICENSE_END=========================================================
*/}}
-{{- if .Values.prometheus.enabled }}
+{{- if .Values.global.prometheusEnabled }}
{{ include "common.serviceMonitor" . }}
-{{- end }}
\ No newline at end of file
+{{- end }}
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-pap:2.6.1
+image: onap/policy-pap:2.6.2
pullPolicy: Always
# flag to enable debugging - application support required
roles:
- read
-prometheus:
- enabled: true
-
metrics:
serviceMonitor:
# Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
<!--
============LICENSE_START=======================================================
Copyright (C) 2020 Bell Canada. All rights reserved.
- Modifications Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
+ Modifications Copyright (C) 2021-2022 AT&T Intellectual Property. All rights reserved.
================================================================================
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
<appender-ref ref="AsyncStdOut" />
</logger>
+ <appender name="PromLogback" class="io.prometheus.client.logback.InstrumentedAppender"/>
+
<root level="INFO">
<appender-ref ref="AsyncDebugOut" />
<appender-ref ref="AsyncErrorOut" />
<appender-ref ref="AsyncStdOut" />
+ <appender-ref ref="PromLogback" />
</root>
</configuration>
# ============LICENSE_END=========================================================
*/}}
-{{- if .Values.prometheus.enabled }}
+{{- if .Values.global.prometheusEnabled }}
{{ include "common.serviceMonitor" . }}
-{{- end }}
\ No newline at end of file
+{{- end }}
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-xacml-pdp:2.6.1
+image: onap/policy-xacml-pdp:2.6.2
pullPolicy: Always
# flag to enable debugging - application support required
roles:
- read
-prometheus:
- enabled: true
-
metrics:
serviceMonitor:
# Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
--- /dev/null
+#!/bin/sh
+#
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021-2022 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+#
+
+#psql() { /usr/bin/psql -h ${PG_HOST} -p ${PG_PORT} "$@"; };
+
+export PGPASSWORD=${PG_ADMIN_PASSWORD};
+
+psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "CREATE USER ${PG_USER} WITH PASSWORD '${PG_USER_PASSWORD}'"
+
+for db in migration pooling policyadmin policyclamp operationshistory clampacm
+do
+ psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "CREATE DATABASE ${db};"
+ psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "GRANT ALL PRIVILEGES ON DATABASE ${db} TO ${PG_USER};"
+done
--- /dev/null
+#!/bin/sh
+{{/*
+# Copyright (C) 2022 Nordix Foundation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+/opt/app/policy/bin/prepare_upgrade.sh ${SQL_DB}
+/opt/app/policy/bin/db-migrator-pg -s ${SQL_DB} -o upgrade
+rc=$?
+/opt/app/policy/bin/db-migrator-pg -s ${SQL_DB} -o report
+exit $rc
{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018, 2020 AT&T Intellectual Property
-# Modifications Copyright (C) 2021 Nordix Foundation.
+# Modifications Copyright (C) 2021-2022 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
{{/*
# Copyright © 2018 Amdocs, Bell Canada
# Modifications Copyright © 2020 AT&T Intellectual Property
-# Modifications Copyright (C) 2021 Nordix Foundation.
+# Modifications Copyright (C) 2022 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
spec:
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
- initContainers:
+ initContainers: {{ if .Values.global.postgres.localCluster }}{{ include "common.readinessCheck.waitFor" . | nindent 6 }}{{ end }}
#This container checks that all galera instances are up before initializing it.
- - name: {{ include "common.name" . }}-readiness
+ - name: {{ include "common.name" . }}-mariadb-readiness
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}"
resources:
{{ include "common.resources" . }}
+ {{ if .Values.global.postgres.localCluster }}
+ - name: {{ include "common.release" . }}-policy-pg-config
+ image: {{ .Values.repository }}/{{ .Values.postgresImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /docker-entrypoint-initdb.d/db-pg.sh
+ name: {{ include "common.fullname" . }}-config
+ subPath: db-pg.sh
+ command:
+ - /bin/sh
+ args:
+ - -x
+ - /docker-entrypoint-initdb.d/db-pg.sh
+ env:
+ - name: PG_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-root-pass" "key" "password") | indent 12 }}
+ - name: PG_HOST
+ value: "{{ .Values.postgres.service.name2 }}"
+ - name: PG_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 12 }}
+ - name: PG_USER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 12 }}
+ - name: PG_PORT
+ value: "{{ .Values.postgres.service.internalPort }}"
+ resources:
+{{ include "common.resources" . }}
+ {{ end }}
containers:
- name: {{ include "common.release" . }}-policy-galera-db-migrator
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }}
value: {{ .Values.dbmigrator.schema }}
- name: POLICY_HOME
value: {{ .Values.dbmigrator.policy_home }}
+ - name: SCRIPT_DIRECTORY
+ value: "sql"
resources:
{{ include "common.resources" . }}
+ {{ if .Values.global.postgres.localCluster }}
+ - name: {{ include "common.release" . }}-policy-pg-db-migrator
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /dbcmd-config/db_migrator_pg_policy_init.sh
+ name: {{ include "common.fullname" . }}-config
+ subPath: db_migrator_pg_policy_init.sh
+ command:
+ - /bin/sh
+ args:
+ - -x
+ - /dbcmd-config/db_migrator_pg_policy_init.sh
+ env:
+ - name: SQL_HOST
+ value: "{{ .Values.postgres.service.name2 }}"
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+ - name: SQL_DB
+ value: {{ .Values.dbmigrator.schema }}
+ - name: POLICY_HOME
+ value: {{ .Values.dbmigrator.policy_home }}
+ - name: SCRIPT_DIRECTORY
+ value: "postgres"
+ - name: PGPASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+ resources:
+{{ include "common.resources" . }}
+ {{ end }}
restartPolicy: Never
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
path: db.sh
- key: db_migrator_policy_init.sh
path: db_migrator_policy_init.sh
+ - key: db-pg.sh
+ path: db-pg.sh
+ - key: db_migrator_pg_policy_init.sh
+ path: db_migrator_pg_policy_init.sh
+
service: &mariadbService
name: &policy-mariadb policy-mariadb
internalPort: 3306
+ prometheusEnabled: false
+ postgres:
+ localCluster: false
+ service:
+ name: pgset
+ name2: tcp-pgset-primary
+ name3: tcp-pgset-replica
+ container:
+ name: postgres
#################################################################
# Secrets metaconfig
login: '{{ .Values.restServer.policyApiUserName }}'
password: '{{ .Values.restServer.policyApiUserPassword }}'
passwordPolicy: required
+ - uid: pg-root-pass
+ name: &pgRootPassSecretName '{{ include "common.release" . }}-policy-pg-root-pass'
+ type: password
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "policy-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
+ password: '{{ .Values.postgres.config.pgRootpassword }}'
+ policy: generate
+ - uid: pg-user-creds
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-policy-pg-user-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "policy-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+ login: '{{ .Values.postgres.config.pgUserName }}'
+ password: '{{ .Values.postgres.config.pgUserPassword }}'
+ passwordPolicy: generate
db: &dbSecretsHook
credsExternalSecret: *dbSecretName
image: mariadb:10.5.8
dbmigrator:
- image: onap/policy-db-migrator:2.4.1
+ image: onap/policy-db-migrator:2.4.2
schema: policyadmin
policy_home: "/opt/app/policy"
serviceAccount:
nameOverride: *policy-mariadb
+postgresImage: library/postgres:latest
+# application configuration override for postgres
+postgres:
+ nameOverride: &postgresName policy-postgres
+ service:
+ name: *postgresName
+ name2: policy-pg-primary
+ name3: policy-pg-replica
+ container:
+ name:
+ primary: policy-pg-primary
+ replica: policy-pg-replica
+ persistence:
+ mountSubPath: policy/postgres/data
+ mountInitPath: policy
+ config:
+ pgUserName: policy_user
+ pgDatabase: policyadmin
+ pgUserExternalSecret: *pgUserCredsSecretName
+ pgRootPasswordExternalSecret: *pgRootPassSecretName
+
+readinessCheck:
+ wait_for:
+ - '{{ ternary .Values.postgres.service.name "postgres" .Values.global.postgres.localCluster }}'
+
restServer:
policyPapUserName: policyadmin
policyPapUserPassword: zb!XztG34
#!/bin/bash
set -eo pipefail
-shopt -s nullglob
# logging functions
mysql_log() {
mysql_note "Database files initialized"
}
+if [ -z "$DATADIR" ]; then
+ DATADIR='unknown'
+fi
+if [ -z "$SOCKET" ]; then
+ SOCKET='unknown'
+fi
+if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
+ DATABASE_ALREADY_EXISTS='false'
+fi
+
# Loads various settings that are used elsewhere in the script
# This should be called after mysql_check_config, but before any other functions
docker_setup_env() {
# Get config
- declare -g DATADIR SOCKET
DATADIR="$(mysql_get_config 'datadir' "$@")"
SOCKET="$(mysql_get_config 'socket' "$@")"
file_env 'MYSQL_ROOT_PASSWORD'
file_env 'PORTAL_DB_TABLES'
- declare -g DATABASE_ALREADY_EXISTS
if [ -d "$DATADIR/mysql" ]; then
DATABASE_ALREADY_EXISTS='true'
fi
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-backend-all-plugins:1.10.1
-backendInitImage: onap/sdc-backend-init:1.10.1
+image: onap/sdc-backend-all-plugins:1.10.4
+backendInitImage: onap/sdc-backend-init:1.10.4
pullPolicy: Always
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-cassandra:1.10.1
-cassandraInitImage: onap/sdc-cassandra-init:1.10.1
+image: onap/sdc-cassandra:1.10.4
+cassandraInitImage: onap/sdc-cassandra-init:1.10.4
pullPolicy: Always
config:
- port: {{ .Values.service.internalPort }}
name: {{ .Values.service.portName }}
targetPort: {{ .Values.service.internalPort }}
- {{ if eq .Values.service.type "NodePort" -}}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- {{ end }}
{{ if (include "common.needTLS" .) }}
- port: {{ .Values.service.internalPort2 }}
targetPort: {{ .Values.service.internalPort2 }}
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-frontend:1.10.1
+image: onap/sdc-frontend:1.10.4
pullPolicy: Always
config:
type: NodePort
name: sdc-fe
portName: http
- nodePort: "06"
internalPort: 8181
externalPort: 8181
nodePort2: "07"
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-onboard-backend:1.10.1
-onboardingInitImage: onap/sdc-onboard-cassandra-init:1.10.1
+image: onap/sdc-onboard-backend:1.10.4
+onboardingInitImage: onap/sdc-onboard-cassandra-init:1.10.4
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-workflow-backend:1.7.0
-configInitImage: onap/sdc-workflow-init:1.7.0
+image: onap/sdc-workflow-backend:1.11.1
+configInitImage: onap/sdc-workflow-init:1.11.1
pullPolicy: Always
initJob:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-workflow-frontend:1.7.0
+image: onap/sdc-workflow-frontend:1.11.1
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-dmaap-listener-image:2.2.5
+image: onap/sdnc-dmaap-listener-image:2.3.0
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-ansible-server-image:2.2.5
+image: onap/sdnc-ansible-server-image:2.3.0
pullPolicy: Always
# flag to enable debugging - application support required
-#!/bin/bash
+#!/bin/sh
{{/*
# Copyright © 2018 Amdocs
debugLog "Currently running sdnc and dns failover"
return
fi
- trap "rm -f ${lockFile}" INT TERM RETURN
- echo $BASHPID > ${lockFile}
+ trap "rm -f ${lockFile}" INT TERM EXIT
+ echo $$ > ${lockFile}
# perform takeover
debugLog "Started executing sdnc.failover for $SITE_NAME"
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-ueb-listener-image:2.2.5
+image: onap/sdnc-ueb-listener-image:2.3.0
pullPolicy: Always
# flag to enable debugging - application support required
# application images
pullPolicy: Always
-image: onap/sdnc-image:2.2.5
+image: onap/sdnc-image:2.3.0
# flag to enable debugging - application support required
debugEnabled: false
--- /dev/null
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+ name: {{ .Values.kafkaStrimziAdminUser }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ authentication:
+ type: {{ .Values.saslMechanism }}
+ authorization:
+ type: simple
+ acls:
+ - resource:
+ type: group
+ name: onap-group
+ operation: Read
\ No newline at end of file
authorization:
type: simple
superUsers:
- - {{ include "common.release" . }}-{{ .Values.kafkaStrimziAdminUser }}
+ - {{ .Values.kafkaStrimziAdminUser }}
template:
pod:
securityContext:
runAsUser: 0
fsGroup: 0
config:
+ default.replication.factor: {{ .Values.replicaCount }}
+ min.insync.replicas: {{ .Values.replicaCount }}
offsets.topic.replication.factor: {{ .Values.replicaCount }}
transaction.state.log.replication.factor: {{ .Values.replicaCount }}
- transaction.state.log.min.isr: 2
+ transaction.state.log.min.isr: {{ .Values.replicaCount }}
log.message.format.version: "3.0"
inter.broker.protocol.version: "3.0"
storage:
# application image
repository: nexus3.onap.org:10001
-image: onap/usecase-ui-server:4.0.6
+image: onap/usecase-ui-server:4.0.7
pullPolicy: Always
# application configuration
flavor: small
# application image
-image: onap/usecase-ui:4.0.6
+image: onap/usecase-ui:4.0.7
pullPolicy: Always
# application configuration
-Sphinx
+lfdocs-conf
+sphinx>=4.2.0 # BSD
+sphinx-rtd-theme>=1.0.0 # MIT
doc8
docutils
six
-lfdocs-conf
sphinxcontrib-redoc
sphinxcontrib-spelling
PyEnchant
Code Review / oom.git / commitdiff