-Subproject commit dceb913fa262d4d1112ae734e6f9768b0354f9be
+Subproject commit bdbb69908135f5cee7c27fab7fbbcdde17ff5d57
-#!/usr/bin/python
+#!/usr/bin/env python
import getopt
import logging
import os
from kubernetes import config
from kubernetes.client import Configuration
-from kubernetes.client.apis import core_v1_api
+from kubernetes.client.api import core_v1_api
from kubernetes.client.rest import ApiException
from kubernetes.stream import stream
-#!/bin/bash
+#!/bin/sh
# Initialize variables
ss_dir=""
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
+{{- $global := . }}
{{- if .Values.backup.enabled }}
apiVersion: batch/v1beta1
kind: CronJob
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /bin/bash
+ - /bin/sh
- -c
- |
clearSnapshot(){
{{- range $i := until (int .Values.replicaCount)}}
- name: data-dir-{{ $i }}
persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}-data-{{ $i }}
+ claimName: {{ include "common.fullname" $global }}-data-{{ include "common.fullname" $global }}-{{ $i }}
{{- end }}
- name: backup-dir
persistentVolumeClaim:
--- /dev/null
+#!/bin/bash
+
+# Copyright © 2020 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+CERTS_DIR=${CERTS_DIR:-/certs}
+WORK_DIR=${WORK_DIR:-/updatedTruststore}
+ONAP_TRUSTSTORE=${ONAP_TRUSTSTORE:-truststoreONAPall.jks}
+JRE_TRUSTSTORE=${JRE_TRUSTSTORE:-$JAVA_HOME/lib/security/cacerts}
+TRUSTSTORE_OUTPUT_FILENAME=${TRUSTSTORE_OUTPUT_FILENAME:-truststore.jks}
+
+mkdir -p $WORK_DIR
+
+# Decrypt and move relevant files to WORK_DIR
+for f in $CERTS_DIR/*; do
+ if [[ $AAF_ENABLED == false ]] && [[ $f == *$ONAP_TRUSTSTORE* ]]; then
+ # Dont use onap truststore when aaf is disabled
+ continue
+ fi
+ if [[ $f == *.sh ]]; then
+ continue
+ fi
+ if [[ $f == *.b64 ]]
+ then
+ base64 -d $f > $WORK_DIR/`basename $f .b64`
+ else
+ cp $f $WORK_DIR/.
+ fi
+done
+
+# Prepare truststore output file
+if [[ $AAF_ENABLED == true ]]
+ then
+ mv $WORK_DIR/$ONAP_TRUSTSTORE $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME
+ else
+ echo "AAF is disabled, using JRE truststore"
+ cp $JRE_TRUSTSTORE $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME
+fi
+
+# Import Custom Certificates
+for f in $WORK_DIR/*; do
+ if [[ $f == *.pem ]]; then
+ echo "importing certificate: $f"
+ keytool -import -file $f -alias `basename $f` -keystore $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME -storepass $TRUSTSTORE_PASSWORD -noprompt
+ if [[ $? != 0 ]]; then
+ echo "failed importing certificate: $f"
+ exit 1
+ fi
+ fi
+done
{{/*
-# Copyright © 2020 Samsung Electronics
+# Copyright © 2020 Bell Canada, Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
value: "{{ $initRoot.public_fqdn | default "" }}"
{{- end -}}
+{{/*
+ This init container will import custom .pem certificates to truststoreONAPall.jks
+ Custom certificates must be placed in common/certInitializer/resources directory.
+
+ The feature is enabled by setting Values.global.importCustomCertsEnabled = true
+ It can be used independently of aafEnabled, however it requires the same includes
+ as describe above for _initContainer.
+
+ When AAF is enabled the truststoreONAPAll.jks (which contains AAF CA) will be used
+ to import custom certificates, otherwise the default java keystore will be used.
+
+ The updated truststore file will be placed in /updatedTruststore and can be mounted per component
+ to a specific path by defining Values.certInitializer.truststoreMountpath (see _trustStoreVolumeMount)
+ The truststore file will be available to mount even if no custom certificates were imported.
+*/}}
+{{- define "common.certInitializer._initImportCustomCertsContainer" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
+{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
+- name: {{ include "common.name" $dot }}-import-custom-certs
+ image: {{ $subchartDot.Values.global.jreImage }}
+ imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }}
+ securityContext:
+ runAsUser: 0
+ command:
+ - /bin/bash
+ - -c
+ - /root/import-custom-certs.sh
+ env:
+ - name: AAF_ENABLED
+ value: "{{ $subchartDot.Values.global.aafEnabled }}"
+ - name: TRUSTSTORE_OUTPUT_FILENAME
+ value: "{{ $initRoot.truststoreOutputFileName }}"
+ - name: TRUSTSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" $subchartDot "uid" "truststore-creds" "key" "password") | indent 6 }}
+ volumeMounts:
+ - mountPath: /certs
+ name: aaf-agent-certs
+ - mountPath: /root/import-custom-certs.sh
+ name: aaf-agent-certs
+ subPath: import-custom-certs.sh
+ - mountPath: /updatedTruststore
+ name: updated-truststore
+{{- end -}}
+
{{- define "common.certInitializer._volumeMount" -}}
{{- $dot := default . .dot -}}
{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }}
{{- end -}}
+{{/*
+ This is used together with _initImportCustomCertsContainer
+ It mounts the updated truststore (with imported custom certificates) to the
+ truststoreMountpath defined in the values file for the component.
+*/}}
+{{- define "common.certInitializer._trustStoreVolumeMount" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
+{{- if gt (len $initRoot.truststoreMountpath) 0 }}
+- mountPath: {{ $initRoot.truststoreMountpath }}/{{ $initRoot.truststoreOutputFileName }}
+ name: updated-truststore
+ subPath: {{ $initRoot.truststoreOutputFileName }}
+{{- end -}}
+{{- end -}}
+
{{- define "common.certInitializer._volumes" -}}
{{- $dot := default . .dot -}}
{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
name: {{ include "common.fullname" $subchartDot }}-add-config
defaultMode: 0700
{{- end -}}
+{{- if $dot.Values.global.importCustomCertsEnabled }}
+- name: updated-truststore
+ emptyDir: {}
+{{- end -}}
{{- end -}}
{{- define "common.certInitializer.initContainer" -}}
{{- $dot := default . .dot -}}
+ {{- if $dot.Values.global.importCustomCertsEnabled }}
+ {{ include "common.certInitializer._initImportCustomCertsContainer" . }}
+ {{- end -}}
{{- if $dot.Values.global.aafEnabled }}
{{ include "common.certInitializer._initContainer" . }}
{{- end -}}
{{- if $dot.Values.global.aafEnabled }}
{{- include "common.certInitializer._volumeMount" . }}
{{- end -}}
+ {{- if $dot.Values.global.importCustomCertsEnabled }}
+ {{- include "common.certInitializer._trustStoreVolumeMount" . }}
+ {{- end -}}
{{- end -}}
{{- define "common.certInitializer.volumes" -}}
{{- $dot := default . .dot -}}
- {{- if $dot.Values.global.aafEnabled }}
+ {{- if or ($dot.Values.global.aafEnabled ) ($dot.Values.global.importCustomCertsEnabled) }}
{{- include "common.certInitializer._volumes" . }}
{{- end -}}
{{- end -}}
-# Copyright © 2020 Samsung Electronics
+# Copyright © 2020 Bell Canada, Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
repository: nexus3.onap.org:10001
aafAgentImage: onap/aaf/aaf_agent:2.1.20
aafEnabled: true
+ jreImage: registry.gitlab.com/onap-integration/docker/onap-java
pullPolicy: Always
login: '{{ .Values.aafDeployFqi }}'
password: '{{ .Values.aafDeployPass }}'
passwordPolicy: required
+ - uid: truststore-creds
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.truststoreCredsExternalSecret) . }}'
+ password: '{{ .Values.truststorePassword }}'
+ passwordPolicy: required
readinessCheck:
wait_for:
cadi_longitude: "-72.0"
aaf_add_config: ""
mountPath: "/opt/app/osaaf"
+importCustomCertsEnabled: false
+truststoreMountpath: ""
+truststoreOutputFileName: truststore.jks
+truststorePassword: changeit
{{- end }}
{{- end }}
containers:
- - name: {{ include "common.name" . }}-elasticsearch
+ - name: {{ include "common.name" . }}-data
image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
{{- if .Values.securityContext.enabled }}
{{- end }}
{{- end }}
containers:
- - name: {{ include "common.name" . }}-elasticsearch
+ - name: {{ include "common.name" . }}-master
image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
{{- if .Values.securityContext.enabled }}
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
apiVersion: v1
-description: ONAP Policy BRMS GW
-name: brmsgw
+description: Template used to create same STDOUT log configuration
+name: logConfiguration
version: 6.0.0
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
+# Copyright © 2018 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
dependencies:
- name: common
version: ~6.x-0
- repository: '@local'
+ repository: 'file://../common'
--- /dev/null
+{{/*
+# Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{/*
+ Resolve the level of the logs.
+ The value for .Values.logLevel is used by default,
+ unless either override mechanism is used.
+
+ - .Values.global.logLevel : override default log level for all components
+ - .Values.logLevelOverride : override global and default log level on a per
+ component basis
+
+ The function can takes below arguments (inside a dictionary):
+ - .dot : environment (.)
+ - .initRoot : the root dictionary of logConfiguration submodule
+ (default to .Values.logConfiguration)
+*/}}
+{{- define "common.log.level" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.logConfiguration .initRoot -}}
+{{/* Our version of helm doesn't support deepCopy so we need this nasty trick */}}
+{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
+ {{- if $subchartDot.Values.logLevelOverride }}
+ {{- printf "%s" $subchartDot.Values.logLevelOverride -}}
+ {{- else }}
+ {{- default $subchartDot.Values.logLevel $subchartDot.Values.global.logLevel -}}
+ {{- end }}
+{{- end -}}
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+logLevel: INFO
volumeMounts:
- name: backup-dir
mountPath: /backup
+ - name: db-data
+ mountPath: /var/lib/mysql
containers:
- name: mariadb-backup-validate
image: "{{ include "common.repository" . }}/{{ .Values.backupImage }}"
- name: backup-dir
persistentVolumeClaim:
claimName: {{ include "common.fullname" . }}-backup-data
+ - name: db-data
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}-data-{{ include "common.fullname" . }}-{{ sub .Values.replicaCount 1 }}
{{- end }}
+++ /dev/null
-{
- "service": {
- "name": "Health Check: SDNC Portal",
- "checks": [
- {
- "id": "sdnc-portal",
- "name": "SDNC Portal Health Check",
- "http": "http://sdnc-portal:8843/login",
- "method": "HEAD",
- "header": {
- "Cache-Control": ["no-cache"],
- "Content-Type": ["application/json"],
- "Accept": ["application/json"]
- },
- "tls_skip_verify": true,
- "interval": "15s",
- "timeout": "1s"
- }
- ]
- }
-}
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-make-dcaegen2: make-dcae-bootstrap make-dcae-cloudify-manager make-dcae-config-binding-service make-dcae-healthcheck make-dcae-redis make-dcae-servicechange-handler make-dcae-inventory-api make-dcae-deployment-handler make-dcae-policy-handler make-dcae-dashboard
+make-dcaegen2: make-dcae-bootstrap make-dcae-cloudify-manager make-dcae-config-binding-service make-dcae-healthcheck make-dcae-servicechange-handler make-dcae-inventory-api make-dcae-deployment-handler make-dcae-policy-handler make-dcae-dashboard
make-dcae-bootstrap:
cd components && helm dep up dcae-bootstrap && helm lint dcae-bootstrap
make-dcae-healthcheck:
cd components && helm dep up dcae-healthcheck && helm lint dcae-healthcheck
-make-dcae-redis:
- cd components && helm dep up dcae-redis && helm lint dcae-redis
-
make-dcae-servicechange-handler:
cd components && helm dep up dcae-servicechange-handler && helm lint dcae-servicechange-handler
+++ /dev/null
-#============LICENSE_START========================================================
-#=================================================================================
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs, Bell Canada
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-{{ if .Values.componentImages.tca }}
-tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.tca }}
-{{ end }}
-dmaap_host: {{ .Values.config.address.message_router }}.{{include "common.namespace" . }}
-consul_host: {{ .Values.config.address.consul.host }}.{{include "common.namespace" . }}
-cbs_host: config-binding-service
-enableRedisCaching: {{ .Values.config.redisCaching }}
-{{ if .Values.config.redisHosts }}
-redisHosts: {{ .Values.config.redisHosts }}
-{{ end }}
#============LICENSE_START========================================================
#=================================================================================
-# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
ves:
port: 30235
portSecure: 30417
- # redisCaching is a string not a boolean!
- redisCaching: "false"
# postgres values--overriding defaults in the postgres subchart
postgres:
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.0.2
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.0.4
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
componentImages:
holmes_rules: onap/holmes/rule-management:1.2.7
holmes_engine: onap/holmes/engine-management:1.2.6
- tca: onap/org.onap.dcaegen2.deployments.tca-cdap-container:1.2.2
- tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.0.1
- ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.1
+ tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.2.0
+ ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.3
snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0
prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.2
hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.4.0
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.cm-container:3.0.0
+image: onap/org.onap.dcaegen2.deployments.cm-container:3.1.0
pullPolicy: Always
# name of shared ConfigMap with kubeconfig for multiple clusters
- --container-name
- consul-server
- --container-name
- - pdp
+ - policy-xacml-pdp
- "-t"
- "45"
env:
+++ /dev/null
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP DCAE Redis
-name: dcae-redis
-version: 6.0.0
+++ /dev/null
-#!/bin/bash
-# ================================================================================
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs, Bell Canada
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-(if [[ "$HOSTNAME" == *{{.Chart.Name}}-0 ]]; then
- echo "delay by 10 seconds for redis server starting"
- sleep 10
-
- NODES=""
- echo "====> wait for all {{.Values.replicaCount}} redis pods up"
- while [ "$(echo $NODES | wc -w)" -lt {{.Values.replicaCount}} ]
- do
- echo "======> $(echo $NODES |wc -w) / {{.Values.replicaCount}} pods up"
- sleep 5
- RESP=$(wget -vO- --ca-certificate /var/run/secrets/kubernetes.io/serviceaccount/ca.crt --header "Authorization: Bearer $(</var/run/secrets/kubernetes.io/serviceaccount/token)" https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_PORT_443_TCP_PORT/api/v1/namespaces/{{.Release.Namespace}}/pods?labelSelector=app={{.Chart.Name}})
-
- IPS=$(echo $RESP | jq -r '.items[].status.podIP')
- IPS2=$(echo $IPS | sed -e 's/[a-zA-Z]*//g')
- echo "======> IPs: ["$IPS2"]"
- NODES=""
- for I in $IPS2; do NODES="$NODES $I:{{.Values.service.externalPort}}"; done
- echo "======> nodes: ["$NODES"]"
- done
- echo "====> all {{.Values.replicaCount}} redis cluster pods are up. wait 10 seconds before the next step"; echo
- sleep 10
-
- echo "====> Configure the cluster"
-
- # $NODES w/o quotes
- echo "======> nodes: [$(echo $NODES |paste -s)]"
- redis-trib create --replicas 1 $(echo $NODES |paste -s)
-fi ) &
-
-redis-server /conf/redis.conf
-
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
-data:
- redis.conf: |+
- cluster-enabled yes
- cluster-require-full-coverage no
- cluster-node-timeout 15000
- cluster-config-file /data/nodes.conf
- cluster-migration-barrier 1
- appendonly yes
- protected-mode no
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-scripts
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/redis/scripts/*").AsConfig . | indent 2 }}
+++ /dev/null
-{{ include "common.ingress" . }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-{{- $global := . }}
-{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }}
-{{- if eq "True" (include "common.needPV" .) }}
-{{- range $i := until (int $global.Values.replicaCount)}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" $global }}-data-{{$i}}
- namespace: {{ include "common.namespace" $global }}
- labels:
- app: {{ include "common.fullname" $global }}
- chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" $global }}"
- heritage: "{{ $global.Release.Service }}"
- name: {{ include "common.fullname" $global }}
-spec:
- capacity:
- storage: {{ $global.Values.persistence.size}}
- accessModes:
- - {{ $global.Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" $global }}-data"
- hostPath:
- path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}}
-{{if ne $i (int $global.Values.replicaCount) }}
----
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
+++ /dev/null
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- #Example internal target port if required
- #targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName2 }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName2 }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- serviceName: {{ .Values.service.name }}
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /bin/sh
- - -c
- - |
- /opt/scripts/redis-cluster-config.sh
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- - containerPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.name2 }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- exec:
- command:
- - sh
- - -c
- - "redis-cli -h $(hostname) ping"
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- {{end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /conf
- name: {{ include "common.fullname" . }}-config
- - mountPath: /data
- name: {{ include "common.fullname" . }}-data
- - mountPath: /opt/scripts
- name: {{ include "common.fullname" . }}-scripts
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}
- items:
- - key: redis.conf
- path: redis.conf
- - name: {{ include "common.fullname" . }}-scripts
- configMap:
- name: {{ include "common.fullname" . }}-scripts
- defaultMode: 0755
- - name: localtime
- hostPath:
- path: /etc/localtime
- {{- if not .Values.persistence.enabled }}
- - name: {{ include "common.fullname" . }}-data
- emptyDir: {}
- {{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- {{- if .Values.persistence.enabled }}
- volumeClaimTemplates:
- - metadata:
- name: {{ include "common.fullname" . }}-data
- labels:
- name: {{ include "common.fullname" . }}
- spec:
- accessModes:
- - {{ .Values.persistence.accessMode | quote }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.persistence.size | quote}}
- {{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- persistence: {}
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.redis-cluster-container:1.0.0
-pullPolicy: Always
-
-# application configuration
-# Example:
-config: {}
-
-# default number of instances
-replicaCount: 3
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 60
- periodSeconds: 10
- timeoutSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 15
- periodSeconds: 10
-
-service:
- #Example service definition with external, internal and node ports.
- #Services may use any combination of ports depending on the 'type' of
- #service being defined.
- type: ClusterIP
- name: dcae-redis
- portName: client
- externalPort: 6379
- internalPort: 6379
- portName2: gossip
- externalPort2: 16379
- internalPort2: 16379
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
-
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- # existingClaim:
- volumeReclaimPolicy: Retain
-
- ## database data Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- accessMode: ReadWriteOnce
- size: 10Mi
- mountPath: /dockerdata-nfs
- mountSubPath: redis/data
-
-ingress:
- enabled: false
- service:
- - baseaddr: "dcaeredis"
- name: "dcae-redis"
- port: 6379
- - baseaddr: "dcaeredisgossip"
- name: "dcae-redis"
- port: 16379
- config:
- ssl: "none"
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 2
- memory: 2Gi
- requests:
- cpu: 1
- memory: 1Gi
- large:
- limits:
- cpu: 4
- memory: 4Gi
- requests:
- cpu: 2
- memory: 2Gi
- unlimited: {}
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.servicechange-handler:1.3.2
+image: onap/org.onap.dcaegen2.platform.servicechange-handler:1.4.0
pullPolicy: Always
unlimited: {}
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
-# dcae_ns: "dcae"
+# dcae_ns: "dcae"
\ No newline at end of file
version: ~6.x-0
repository: 'file://components/dcae-healthcheck'
condition: dcae-healthcheck.enabled
- - name: dcae-redis
- version: ~6.x-0
- repository: 'file://components/dcae-redis'
- condition: dcae-redis.enabled
- name: dcae-servicechange-handler
version: ~6.x-0
repository: 'file://components/dcae-servicechange-handler'
[
{{- $ctx := . }}
-{{- $components := tuple "dcae-cloudify-manager" "dcae-config-binding-service" "dcae-dashboard" "dcae-deployment-handler" "dcae-inventory-api" "dcae-policy-handler" "dcae-redis" "dcae-servicechange-handler" }}
+{{- $components := tuple "dcae-cloudify-manager" "dcae-config-binding-service" "dcae-dashboard" "dcae-deployment-handler" "dcae-inventory-api" "dcae-policy-handler" "dcae-servicechange-handler" }}
{{- range $i, $v := $components }}
{{- if index $ctx.Values . "enabled" }}
{{- if $i }},{{ end }}
{{ $v | quote | indent 2 }}
{{- end -}}
{{- end }}
-]
\ No newline at end of file
+]
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
busyboxRepository: docker.io
busyboxImage: library/busybox:1.30
-redis:
- replicaCount: 6
-# Enable all DCAE components except redis by default
+# Enable all DCAE components by default
dcae-bootstrap:
enabled: true
dcae-cloudify-manager:
enabled: true
dcae-policy-handler:
enabled: true
-dcae-redis:
- enabled: false
dcae-servicechange-handler:
- enabled: true
\ No newline at end of file
+ enabled: true
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.mod.genprocessor-job:1.0.1
-httpImage: onap/org.onap.dcaegen2.platform.mod.genprocessor-http:1.0.1
+image: onap/org.onap.dcaegen2.platform.mod.genprocessor-job:1.0.2
+httpImage: onap/org.onap.dcaegen2.platform.mod.genprocessor-http:1.0.2
service:
type: ClusterIP
cpu: 2
memory: 2Gi
unlimited: {}
+
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.1
+image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.2
# Resource Limit flavor -By Default using small
flavor: small
cpu: 2
memory: 2Gi
unlimited: {}
+
value: {{ .Values.config.importK8S }}
- name: ONAP_IMPORT_POLICYPLUGIN
value: {{ .Values.config.importPolicy }}
- - name: ONAP_INPORT_POSTGRESPLUGIN
+ - name: ONAP_IMPORT_POSTGRESPLUGIN
value: {{ .Values.config.importPostgres }}
- name: ONAP_IMPORT_CLAMPPLUGIN
value: {{ .Values.config.importClamp }}
- name: ONAP_IMPORT_DMAAPPLUGIN
value: {{ .Values.config.importDMaaP }}
+ - name: ONAP_USEDMAAPPLUGIN
+ value: {{ .Values.config.useDmaapPlugin | quote }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+
#dashboardPassword: doesntmatter
mrTopicURL: http://message-router:3904/events
importCloudify: https://www.getcloudify.org/spec/cloudify/4.5.5/types.yaml
- importK8S: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R6/k8splugin/1.7.2/k8splugin_types.yaml
- importPolicy: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R6/dcaepolicyplugin/2.4.0/dcaepolicyplugin_types.yaml
- importPostgres: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.ccsdk.platform.plugins/type_files/pgaas/1.1.0/pgaas_types.yaml
- importClamp: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R6/clamppolicyplugin/1.1.0/clamppolicyplugin_types.yaml
- importDMaaP: https://nexus.onap.org/content/repositories/raw/org.onap.ccsdk.platform.plugins/type_files/dmaap/dmaap.yaml
+ importK8S: plugin:k8splugin?version=3.3.0
+ importPostgres: plugin:pgaas?version=1.3.0
+ importClamp: plugin:clamppolicyplugin?version=1.1.0
+ importDMaaP: plugin:dmaap?version=1.5.0
+ useDmaapPlugin: false
secrets:
- uid: "dashsecret"
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.3
+image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.6
# Resource Limit flavor -By Default using small
flavor: small
cpu: 2
memory: 2Gi
unlimited: {}
+
namespace: {{ include "common.namespace" . }}
labels: {{- include "common.labels" . | nindent 4 }}
spec:
- backoffLimit: 5
+ backoffLimit: 20
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
"HEAT_VOL",
"OTHER",
"VF_MODULES_METADATA",
- "CLOUD_TECHNOLOGY_SPECIFIC_ARTIFACT"
+ "CLOUD_TECHNOLOGY_SPECIFIC_ARTIFACT",
+ "HELM"
],
"consumerGroup": "multicloud-k8s-group",
"environmentName": "AUTO",
sdnc-ansible-server:
readiness:
initialDelaySeconds: 120
- sdnc-portal:
- readiness:
- initialDelaySeconds: 120
ueb-listener:
liveness:
initialDelaySeconds: 60
sdnc-ansible-server:
readiness:
initialDelaySeconds: 120
- sdnc-portal:
- readiness:
- initialDelaySeconds: 120
ueb-listener:
liveness:
initialDelaySeconds: 60
# flag to enable debugging - application support required
debugEnabled: false
+ # configuration to set log level to all components (the one that are using
+ # "common.log.level" to set this)
+ # can be overrided per components by setting logConfiguration.logLevelOverride
+ # to the desired value
+ # logLevel: DEBUG
+
#Global ingress configuration
ingress:
enabled: false
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018, 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
apiVersion: v1
-description: ONAP Policy Administration Point
+description: ONAP Policy
name: policy
version: 6.0.0
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @helm repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#! /bin/bash
-
-PROPS_BUILD="${POLICY_HOME}/etc/build.info"
-
-PROPS_RUNTIME="${POLICY_HOME}/servers/brmsgw/config.properties"
-PROPS_INSTALL="${POLICY_HOME}/install/servers/brmsgw/config.properties"
-
-
-if [ ! -f "${PROPS_BUILD}" ]; then
- echo "error: version information does not exist: ${PROPS_BUILD}"
- exit 1
-fi
-
-source "${POLICY_HOME}/etc/build.info"
-
-if [ -z "${version}" ]; then
- echo "error: no version information present"
- exit 1
-fi
-
-for CONFIG in ${PROPS_RUNTIME} ${PROPS_INSTALL}; do
- if [ ! -f "${CONFIG}" ]; then
- echo "warning: configuration does not exist: ${CONFIG}"
- else
- sed -i -e "s/brms.dependency.version=.*/brms.dependency.version=${version}/g" "${CONFIG}"
- fi
-done
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# BRMSpep component installation configuration parameters
-BRMSGW_JMX_PORT=9989
-
-COMPONENT_X_MX_MB=1024
-COMPONENT_X_MS_MB=1024
-
-REST_PAP_URL=https://{{ .Values.global.pap.nameOverride }}:{{.Values.config.papPort}}/pap/
-REST_PDP_ID=https://{{ .Values.global.pdp.nameOverride }}:{{.Values.config.pdpPort}}/pdp/
-
-PDP_HTTP_USER_ID=${PDP_HTTP_USER_ID}
-PDP_HTTP_PASSWORD=${PDP_HTTP_PASSWORD}
-PDP_PAP_PDP_HTTP_USER_ID=${PDP_PAP_PDP_HTTP_USER_ID}
-PDP_PAP_PDP_HTTP_PASSWORD=${PDP_PAP_PDP_HTTP_PASSWORD}
-
-M2_HOME=/usr/share/java/maven-3
-snapshotRepositoryID=policy-nexus-snapshots
-snapshotRepositoryName=Snapshots
-snapshotRepositoryURL=http://{{ .Values.global.nexus.nameOverride }}:{{.Values.config.nexusPort}}/nexus/content/repositories/snapshots
-releaseRepositoryID=policy-nexus-releases
-releaseRepositoryName=Releases
-releaseRepositoryURL=http://{{ .Values.global.nexus.nameOverride }}:{{.Values.config.nexusPort}}/nexus/content/repositories/releases
-repositoryUsername=${REPOSITORY_USERNAME}
-repositoryPassword=${REPOSITORY_PASSWORD}
-UEB_URL=message-router
-UEB_TOPIC=PDPD-CONFIGURATION
-UEB_API_KEY=
-UEB_API_SECRET=
-
-groupID=org.onap.policy-engine
-artifactID=drlPDPGroup
-AMSTERDAM_GROUP_ID=org.onap.policy-engine.drools.amsterdam
-AMSTERDAM_ARTIFACT_ID=policy-amsterdam-rules
-
-# the java property is RESOURCE_NAME (uppercase), but the conf parameter is lowercase
-resource_name=brmsgw_1
-node_type=brms_gateway
-
-#Environment should be Set either DEV, TEST or PROD
-ENVIRONMENT=TEST
-
-#Notification Properties... type can be either websocket, ueb, or dmaap
-BRMS_NOTIFICATION_TYPE=websocket
-BRMS_UEB_URL=message-router
-BRMS_UEB_TOPIC=PDPD-CONFIGURATION
-BRMS_UEB_DELAY=
-BRMS_CLIENT_ID=python
-BRMS_CLIENT_KEY=dGVzdA==
-BRMS_UEB_API_KEY=
-BRMS_UEB_API_SECRET=
-
-#Dependency.json file version
-BRMS_DEPENDENCY_VERSION=1.6.4
-BRMS_MODELS_DEPENDENCY_VERSION=2.2.6
+++ /dev/null
-# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-pe-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/pe/*").AsConfig . | indent 2 }}
-
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; chmod 0755 /config/${PFILE}; done"
- env:
- - name: JDBC_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- - name: JDBC_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- - name: PDP_HTTP_USER_ID
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }}
- - name: PDP_HTTP_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }}
- - name: PDP_PAP_PDP_HTTP_USER_ID
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }}
- - name: PDP_PAP_PDP_HTTP_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }}
- - name: REPOSITORY_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "login") | indent 10 }}
- - name: REPOSITORY_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }}
- volumeMounts:
- - mountPath: /config-input/pe
- name: pe-input
- - mountPath: /config-input/pe-brmsgw
- name: pe-brmsgw-input
- - mountPath: /config/pe
- name: pe
- - mountPath: /config/pe-brmsgw
- name: pe-brmsgw
- image: "{{ .Values.global.envsubstImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
- - command:
- - /root/ready.py
- args:
- - --container-name
- - {{ .Values.global.pap.nameOverride }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - command:
- - /bin/bash
- - ./do-start.sh
- - brmsgw
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: JDBC_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- - name: JDBC_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- - name: PDP_HTTP_USER_ID
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }}
- - name: PDP_HTTP_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }}
- - name: PDP_PAP_PDP_HTTP_USER_ID
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }}
- - name: PDP_PAP_PDP_HTTP_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }}
- - name: REPOSITORY_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "login") | indent 10 }}
- - name: REPOSITORY_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }}
- ports:
- - containerPort: {{ .Values.service.externalPort }}
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.externalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{- end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.externalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /tmp/policy-install/config/brmsgw-tweaks.sh
- name: pe-brmsgw
- subPath: brmsgw-tweaks.sh
- - mountPath: /tmp/policy-install/config/brmsgw.conf
- name: pe-brmsgw
- subPath: brmsgw.conf
- - mountPath: /tmp/policy-install/config/base.conf
- name: pe
- subPath: base.conf
- - mountPath: /tmp/policy-install/do-start.sh
- name: pe-scripts
- subPath: do-start.sh
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: pe-input
- configMap:
- name: {{ include "common.release" . }}-pe-configmap
- defaultMode: 0755
- - name: pe-scripts
- configMap:
- name: {{ include "common.release" . }}-pe-scripts-configmap
- defaultMode: 0777
- - name: pe-brmsgw-input
- configMap:
- name: {{ include "common.fullname" . }}-pe-configmap
- defaultMode: 0755
- - name: pe
- emptyDir:
- medium: Memory
- - name: pe-brmsgw
- emptyDir:
- medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2020 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- envsubstImage: dibi/envsubst
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: db-secret
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
- login: '{{ .Values.db.user }}'
- password: '{{ .Values.db.password }}'
- passwordPolicy: required
- - uid: pdp-http-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.pdp.pdpCredsExternalSecret) . }}'
- login: '{{ .Values.pdp.pdphttpuserid }}'
- password: '{{ .Values.pdp.pdphttppassword }}'
- passwordPolicy: required
- - uid: pap-http-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.pap.papCredsExternalSecret) . }}'
- login: '{{ .Values.pap.pdppappdphttpuserid }}'
- password: '{{ .Values.pap.pdppappdphttppassword }}'
- passwordPolicy: required
- - uid: nexus-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.nexus.nexusCredsExternalSecret) . }}'
- login: '{{ .Values.nexus.repositoryUsername }}'
- password: '{{ .Values.nexus.repositoryPassword }}'
- passwordPolicy: required
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.6.4
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
- papPort: 9091
- pdpPort: 8081
- nexusPort: 8081
-
-db:
- user: policy_user
- password: policy_user
-pdp:
- pdphttpuserid: testpdp
- pdphttppassword: alpha123
-pap:
- pdppappdphttpuserid: testpap
- pdppappdphttppassword: alpha123
-nexus:
- repositoryUsername: admin
- repositoryPassword: admin123
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: false
-
-readiness:
- initialDelaySeconds: 30
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: brmsgw
- portName: brmsgw
- externalPort: 9989
- internalPort: 9989
- nodePort: 16
-
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 2Gi
- requests:
- cpu: 10m
- memory: 0.5Gi
- large:
- limits:
- cpu: 2
- memory: 4Gi
- requests:
- cpu: 20m
- memory: 1Gi
- unlimited: {}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
+++ /dev/null
-# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
+++ /dev/null
-###
-# ============LICENSE_START=======================================================
-# feature-healthcheck
-# ================================================================================
-# Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-###
-
-http.server.services=HEALTHCHECK
-http.server.services.HEALTHCHECK.host=0.0.0.0
-http.server.services.HEALTHCHECK.port=6969
-http.server.services.HEALTHCHECK.restClasses=org.onap.policy.drools.healthcheck.RestHealthCheck
-http.server.services.HEALTHCHECK.managed=false
-http.server.services.HEALTHCHECK.swagger=true
-http.server.services.HEALTHCHECK.userName=${envd:HEALTHCHECK_USER}
-http.server.services.HEALTHCHECK.password=${envd:HEALTHCHECK_PASSWORD}
-http.server.services.HEALTHCHECK.https=true
-http.server.services.HEALTHCHECK.aaf=${envd:AAF:false}
-http.server.services.HEALTHCHECK.serialization.provider=org.onap.policy.common.gson.JacksonHandler,org.onap.policy.common.endpoints.http.server.YamlJacksonHandler
-
-http.client.services=PAP
-
-http.client.services.PAP.host={{ .Values.global.pap.nameOverride }}
-http.client.services.PAP.port=9091
-http.client.services.PAP.contextUriPath=pap/test
-http.client.services.PAP.https=true
-http.client.services.PAP.userName=${envd:PAP_LEGACY_USERNAME}
-http.client.services.PAP.password=${envd:PAP_LEGACY_PASSWORD}
-
-http.client.services.PDP.host={{ .Values.global.pdp.nameOverride }}
-http.client.services.PDP.port=8081
-http.client.services.PDP.contextUriPath=pdp/test
-http.client.services.PDP.https=true
-http.client.services.PDP.userName=${envd:PDP_LEGACY_USERNAME}
-http.client.services.PDP.password=${envd:PDP_LEGACY_PASSWORD}
+++ /dev/null
-#!/bin/bash
-# ============LICENSE_START=======================================================
-# ONAP
-# ================================================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-policy status
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019 Nordix Foundation.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP Policy PDP
-name: pdp
-version: 6.0.0
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
--->
-
-<configuration scan="true" scanPeriod="3 seconds" debug="true">
- <!--<jmxConfigurator /> -->
- <!-- specify the base path of the log directory -->
- <property name="logDir" value="/var/log/onap" />
- <!-- specify the component name -->
- <property name="componentName" value="policy" />
- <!-- specify the sub component name -->
- <property name="subComponentName" value="xacml-pdp-rest" />
- <!-- The directories where logs are written -->
- <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
- <property name="pattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />
- <!-- log file names -->
- <property name="errorLogName" value="error" />
- <property name="metricsLogName" value="metrics" />
- <property name="auditLogName" value="audit" />
- <property name="debugLogName" value="debug" />
- <property name="queueSize" value="256" />
- <property name="maxFileSize" value="50MB" />
- <property name="maxHistory" value="30" />
- <property name="totalSizeCap" value="10GB" />
- <!-- Example evaluator filter applied against console appender -->
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <!-- ============================================================================ -->
- <!-- EELF Appenders -->
- <!-- ============================================================================ -->
- <!-- The EELFAppender is used to record events to the general application
- log -->
- <!-- EELF Audit Appender. This appender is used to record audit engine
- related logging events. The audit logger and appender are specializations
- of the EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
- these events as part of the application root log. -->
- <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${auditLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFAudit" />
- </appender>
- <appender name="EELFMetrics" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${metricsLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
- %msg%n"</pattern> -->
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFMetrics" />
- </appender>
- <appender name="EELFError" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${errorLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>INFO</level>
- </filter>
- </appender>
- <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFError" />
- </appender>
- <appender name="EELFDebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${debugLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFDebug" />
- <includeCallerData>true</includeCallerData>
- </appender>
- <!-- ============================================================================ -->
- <!-- EELF loggers -->
- <!-- ============================================================================ -->
- <logger name="com.att.eelf.audit" level="info" additivity="false">
- <appender-ref ref="asyncEELFAudit" />
- </logger>
- <logger name="com.att.eelf.metrics" level="info" additivity="false">
- <appender-ref ref="asyncEELFMetrics" />
- </logger>
- <logger name="com.att.eelf.error" level="info" additivity="false">
- <appender-ref ref="asyncEELFError" />
- </logger>
- <logger name="com.att.eelf.debug" level="debug" additivity="false">
- <appender-ref ref="asyncEELFDebug" />
- </logger>
- <root level="INFO">
- <appender-ref ref="asyncEELFDebug" />
- </root>
-</configuration>
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#! /bin/bash
-
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# pdp component installation configuration parameters
-
-# tomcat specific parameters
-
-TOMCAT_JMX_PORT=9991
-TOMCAT_SHUTDOWN_PORT=8087
-SSL_HTTP_CONNECTOR_PORT=8081
-SSL_AJP_CONNECTOR_PORT=8381
-SSL_AJP_CONNECTOR_REDIRECT_PORT=8443
-
-TOMCAT_X_MS_MB=1024
-TOMCAT_X_MX_MB=1024
-
-# pdp properties
-
-UEB_CLUSTER=message-router
-
-REST_PAP_URL=https://{{ .Values.global.pap.nameOverride }}:{{.Values.config.papPort}}/pap/
-REST_PDP_ID=https://${{"{{"}}FQDN{{"}}"}}:{{.Values.service.externalPort}}/pdp/
-REST_PDP_CONFIG=/opt/app/policy/servers/pdp/bin/config
-REST_PDP_WEBAPPS=/opt/app/policy/servers/pdp/webapps
-REST_PDP_REGISTER=true
-REST_PDP_REGISTER_SLEEP=15
-REST_PDP_REGISTER_RETRIES=-1
-REST_PDP_MAXCONTENT=999999999
-
-# PDP related properties
-PDP_HTTP_USER_ID=${PDP_HTTP_USER_ID}
-PDP_HTTP_PASSWORD=${PDP_HTTP_PASSWORD}
-PDP_PAP_PDP_HTTP_USER_ID=${PDP_PAP_PDP_HTTP_USER_ID}
-PDP_PAP_PDP_HTTP_PASSWORD=${PDP_PAP_PDP_HTTP_PASSWORD}
-
-node_type=pdp_xacml
-resource_name=pdp_1
-dependency_groups=brmsgw_1
-test_via_jmx=true
-
-#
-# Notification Properties
-# Notification type: websocket, ueb or dmaap... if left blank websocket is the default
-PDP_NOTIFICATION_TYPE=websocket
-PDP_UEB_CLUSTER=
-PDP_UEB_TOPIC=
-PDP_UEB_DELAY=
-PDP_UEB_API_KEY=
-PDP_UEB_API_SECRET=
-PDP_DMAAP_AAF_LOGIN=
-PDP_DMAAP_AAF_PASSWORD=
-
-#AAF Policy Name space
-#Required only, when we use AAF
-POLICY_AAF_NAMESPACE=
-POLICY_AAF_RESOURCE=
-
-# Indeterminate resolution
-DECISION_INDETERMINATE_RESPONSE=PERMIT
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# JVM specific parameters
-LOGPARSER_JMX_PORT=9997
-LOGPARSER_X_MS_MB=1024
-LOGPARSER_X_MX_MB=1024
-
-SERVER=https://{{ include "common.servicename" . }}:{{.Values.service.externalPort}}/pdp/
-LOGPATH=/var/log/onap/policy/pdpx/pdp-rest.log
-PARSERLOGPATH=/opt/app/policy/servers/pdplp/bin/IntegrityMonitor.log
-
-node_type=logparser
-# the java property is RESOURCE_NAME (uppercase), but the conf parameter is lowercase
-resource_name=pdplp_1
+++ /dev/null
-
-# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-log-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/xacml-pdp-rest/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-pe-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/pe/*").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "{{ include "common.servicename" . }}",
- "version": "v1",
- "url": "/pdp",
- "protocol": "REST",
- "port": "{{ .Values.service.externalPort }}",
- "visualRange":"1"
- },
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- sessionAffinity: None
- clusterIP: None
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- serviceName: {{ include "common.servicename" . }}
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; chmod 0755 /config/${PFILE}; done"
- env:
- - name: JDBC_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- - name: JDBC_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- - name: PDP_HTTP_USER_ID
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }}
- - name: PDP_HTTP_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }}
- - name: PDP_PAP_PDP_HTTP_USER_ID
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }}
- - name: PDP_PAP_PDP_HTTP_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }}
- volumeMounts:
- - mountPath: /config-input/pe
- name: pe-input
- - mountPath: /config-input/pe-pdp
- name: pe-pdp-input
- - mountPath: /config/pe
- name: pe
- - mountPath: /config/pe-pdp
- name: pe-pdp
- image: "{{ .Values.global.envsubstImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
- - command:
- - /root/ready.py
- args:
- - --container-name
- - {{ .Values.global.pap.nameOverride }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - command:
- - /bin/bash
- - ./do-start.sh
- - pdp
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: JDBC_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- - name: JDBC_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- ports:
- - containerPort: {{ .Values.service.externalPort }}
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.externalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{- end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.externalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /tmp/policy-install/config/base.conf
- name: pe
- subPath: base.conf
- - mountPath: /tmp/policy-install/config/pdp-tweaks.sh
- name: pe-pdp-input
- subPath: pdp-tweaks.sh
- - mountPath: /tmp/policy-install/config/pdplp.conf
- name: pe-pdp
- subPath: pdplp.conf
- - mountPath: /tmp/policy-install/config/pdp.conf
- name: pe-pdp
- subPath: pdp.conf
- - mountPath: /tmp/policy-install/do-start.sh
- name: pe-scripts
- subPath: do-start.sh
- - mountPath: /var/log/onap
- name: policy-logs
- - mountPath: /tmp/logback.xml
- name: policy-logback
- subPath: logback.xml
- lifecycle:
- postStart:
- exec:
- command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/opt/app/policy/servers/pdp/webapps/pdp/WEB-INF/classes/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
- - image: {{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: filebeat-onap
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- name: filebeat-conf
- subPath: filebeat.yml
- - mountPath: /var/log/onap
- name: policy-logs
- - mountPath: /usr/share/filebeat/data
- name: policy-data-filebeat
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-filebeat-configmap
- - name: policy-logs
- emptyDir: {}
- - name: policy-data-filebeat
- emptyDir: {}
- - name: policy-logback
- configMap:
- name: {{ include "common.fullname" . }}-log-configmap
- - name: pe-input
- configMap:
- name: {{ include "common.release" . }}-pe-configmap
- defaultMode: 0755
- - name: pe-scripts
- configMap:
- name: {{ include "common.release" . }}-pe-scripts-configmap
- defaultMode: 0777
- - name: pe-pdp-input
- configMap:
- name: {{ include "common.fullname" . }}-pe-configmap
- defaultMode: 0755
- - name: pe
- emptyDir:
- medium: Memory
- - name: pe-pdp
- emptyDir:
- medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018,2019 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: db-secret
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
- login: '{{ .Values.db.user }}'
- password: '{{ .Values.db.password }}'
- passwordPolicy: required
- - uid: pdp-http-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.pdp.pdpCredsExternalSecret) . }}'
- login: '{{ .Values.pdp.pdphttpuserid }}'
- password: '{{ .Values.pdp.pdphttppassword }}'
- passwordPolicy: required
- - uid: pap-http-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.pap.papCredsExternalSecret) . }}'
- login: '{{ .Values.pap.pdppappdphttpuserid }}'
- password: '{{ .Values.pap.pdppappdphttppassword }}'
- passwordPolicy: required
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.6.4
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-
-db:
- user: policy_user
- password: policy_user
-pdp:
- pdphttpuserid: testpdp
- pdphttppassword: alpha123
-pap:
- pdppappdphttpuserid: testpap
- pdppappdphttppassword: alpha123
-
-config:
- papPort: 9091
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: pdp
- portName: pdp
- internalPort: 8081
- externalPort: 8081
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 8Gi
- requests:
- cpu: 20m
- memory: 2Gi
- unlimited: {}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP Policy Common
-name: policy-common
-version: 6.0.0
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
+++ /dev/null
-# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-filebeat.prospectors:
-#it is mandatory, in our case it's log
-- input_type: log
- #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
- paths:
- - /var/log/onap/*/*/*/*.log
- - /var/log/onap/*/*/*.log
- - /var/log/onap/*/*.log
- #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
- ignore_older: 48h
- # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
- clean_inactive: 96h
-
-
-# Name of the registry file. If a relative path is used, it is considered relative to the
-# data path. Else full qualified file name.
-#filebeat.registry_file: ${path.data}/registry
-
-
-output.logstash:
- #List of logstash server ip addresses with port number.
- #But, in our case, this will be the loadbalancer IP address.
- #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
- hosts: ["{{.Values.config.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.config.logstashPort}}"]
- #If enable will do load balancing among availabe Logstash, automatically.
- loadbalance: true
-
- #The list of root certificates for server verifications.
- #If certificate_authorities is empty or not set, the trusted
- #certificate authorities of the host system are used.
- #ssl.certificate_authorities: $ssl.certificate_authorities
-
- #The path to the certificate for SSL client authentication. If the certificate is not specified,
- #client authentication is not available.
- #ssl.certificate: $ssl.certificate
-
- #The client certificate key used for client authentication.
- #ssl.key: $ssl.key
-
- #The passphrase used to decrypt an encrypted key stored in the configured key file
- #ssl.key_passphrase: $ssl.key_passphrase
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-JAVA_HOME=/usr/local/openjdk-11
-POLICY_HOME=/opt/app/policy
-POLICY_LOGS=/var/log/onap
-KEYSTORE_PASSWD=Pol1cy_0nap
-TRUSTSTORE_PASSWD=Pol1cy_0nap
-
-JDBC_DRIVER=org.mariadb.jdbc.Driver
-JDBC_URL=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/onap_sdk?connectTimeout=30000&socketTimeout=60000&log=true&sessionVariables=max_statement_time=30
-JDBC_LOG_URL=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/log?connectTimeout=30000&socketTimeout=60000&log=true&sessionVariables=max_statement_time=30
-
-JDBC_USER=${JDBC_USER}
-JDBC_PASSWORD=${JDBC_PASSWORD}
-
-site_name=site_1
-fp_monitor_interval=30
-failed_counter_threshold=3
-test_trans_interval=20
-write_fpc_interval=5
-max_fpc_update_interval=60
-test_via_jmx=false
-jmx_fqdn=
-
-AAF_NAMESPACE=org.onap.policy
-AAF_HOST=aaf-locate.{{.Release.Namespace}}
-
-ENVIRONMENT=TEST
-
-#Micro Service Model Properties
-policy_msOnapName=
-policy_msPolicyName=
+++ /dev/null
-#!/bin/bash
-
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-# Modifications Copyright © 2020 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-# Script to configure and start the Policy components that are to run in the designated container,
-# It is intended to be used as the entrypoint in the Dockerfile, so the last statement of the
-# script just goes into a long sleep so that the script does not exit (which would cause the
-# container to be torn down).
-
-container=$1
-
-case $container in
-pap)
- comps="base pap paplp console mysql elk"
- ;;
-pdp)
- comps="base pdp pdplp"
- ;;
-brmsgw)
- comps="base brmsgw"
- ;;
-*)
- echo "Usage: do-start.sh pap|pdp|brmsgw" >&2
- exit 1
-esac
-
-
-# skip installation if build.info file is present (restarting an existing container)
-if [[ -f /opt/app/policy/etc/build.info ]]; then
- echo "Found existing installation, will not reinstall"
- . /opt/app/policy/etc/profile.d/env.sh
-
-else
- if [[ -d config ]]; then
- cp config/*.conf .
- fi
-
- for comp in $comps; do
- echo "Installing component: $comp"
- ./docker-install.sh --install $comp
- done
- for comp in $comps; do
- echo "Configuring component: $comp"
- ./docker-install.sh --configure $comp
- done
-
- . /opt/app/policy/etc/profile.d/env.sh
-
- # install keystore
- # override the policy keystore and truststore if present
- if [[ -f config/policy-keystore ]]; then
- cp config/policy-keystore $POLICY_HOME/etc/ssl
- fi
-
- if [[ -f config/policy-truststore ]]; then
- cp -f config/policy-truststore $POLICY_HOME/etc/ssl
- fi
-
- if [[ -f config/$container-tweaks.sh ]] ; then
- # file may not be executable; running it as an
- # argument to bash avoids needing execute perms.
- bash config/$container-tweaks.sh
- fi
-
- if [[ $container == pap ]]; then
- # wait for DB up
- # now that DB is up, invoke database upgrade
- # (which does nothing if the db is already up-to-date)
- if [[ -v JDBC_USER ]]; then
- dbuser=${JDBC_USER};
- else
- dbuser=$(echo $(grep '^JDBC_USER=' base.conf | cut -f2 -d=))
- fi
-
- if [[ -v JDBC_PASSWORD ]]; then
- dbpw=${JDBC_PASSWORD}
- else
- dbpw=$(echo $(grep '^JDBC_PASSWORD=' base.conf | cut -f2 -d=))
- fi
- db_upgrade_remote.sh $dbuser $dbpw {{.Values.global.mariadb.service.name}}
- fi
-
-fi
-
-policy.sh start
-sleep 1000d
+++ /dev/null
-# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.release" . }}-pe-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/pe/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.release" . }}-pe-scripts-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/scripts/do-start.sh").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.release" . }}-filebeat-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/filebeat/filebeat.yml").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
- logstashServiceName: log-ls
- logstashPort: 5044
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: NodePort
- name: <onap-app>
- externalPort: <8080>
- #Example internal target port if required
- #internalPort: <80>
- nodePort: <replace with unused node port suffix eg. 23>
-
-ingress:
- enabled: false
-
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-# limits:
-# cpu: 2
-# memory: 4Gi
-# requests:
-# cpu: 2
-# memory: 4Gi
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2018 Ericsson. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @helm repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 AT&T. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: common
version: ~6.x-0
repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
-<!--\r
- ============LICENSE_START=======================================================\r
- Copyright (C) 2020 Bell Canada. All rights reserved.\r
- ================================================================================\r
- Licensed under the Apache License, Version 2.0 (the "License");\r
- you may not use this file except in compliance with the License.\r
- You may obtain a copy of the License at\r
- http://www.apache.org/licenses/LICENSE-2.0\r
- Unless required by applicable law or agreed to in writing, software\r
- distributed under the License is distributed on an "AS IS" BASIS,\r
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- See the License for the specific language governing permissions and\r
- limitations under the License.\r
- SPDX-License-Identifier: Apache-2.0\r
- ============LICENSE_END=========================================================\r
--->\r
-\r
-<configuration scan="true" scanPeriod="30 seconds" debug="false">\r
-\r
- <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/apex-pdp/error.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/apex-pdp/error.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">\r
- <level>WARN</level>\r
- </filter>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="ErrorOut" />\r
- </appender>\r
-\r
- <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/apex-pdp/debug.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/apex-pdp/debug.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="DebugOut" />\r
- </appender>\r
-\r
- <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/apex-pdp/network.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/apex-pdp/network.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="NetworkOut" />\r
- </appender>\r
-\r
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">\r
- <encoder>\r
- <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="STDOUT" />\r
- </appender>\r
-\r
- <logger name="network" level="INFO" additivity="false">\r
- <appender-ref ref="AsyncNetworkOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </logger>\r
-\r
- <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">\r
- <appender-ref ref="AsyncNetworkOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </logger>\r
-\r
- <root level="INFO">\r
- <appender-ref ref="AsyncDebugOut" />\r
- <appender-ref ref="AsyncErrorOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </root>\r
-\r
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2020 Bell Canada. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/apex-pdp/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/apex-pdp/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/apex-pdp/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/apex-pdp/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/apex-pdp/network.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/apex-pdp/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </root>
+
</configuration>
\ No newline at end of file
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright (C) 2020 Nordix Foundation.
+# Modifications Copyright (C) 2020 AT&T Intellectual Property.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
metadata:
name: {{ include "common.fullname" . }}-configmap
namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
{{- with .Files.Glob "resources/config/*store" }}
binaryData:
{{- range $path, $bytes := . }}
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright (C) 2020 AT&T Intellectual Property.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
env:
- name: TRUSTSTORE_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-pass" "key" "password") | indent 10 }}
+ - name: KEYSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-pass" "key" "password") | indent 10 }}
- name: RESTSERVER_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- command:
- - /opt/app/policy/apex-pdp/bin/apexOnapPf.sh
- - -c
- - /home/apexuser/config/OnapPfConfig.json
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["bash","-c"]
+ args: ["if [ -f {{ .Values.certInitializer.credsPath }}/.ci ]; then \
+ source {{ .Values.certInitializer.credsPath }}/.ci; fi;\
+ /opt/app/policy/apex-pdp/bin/apexOnapPf.sh -c /home/apexuser/config/OnapPfConfig.json"]
ports:
- containerPort: {{ .Values.service.externalPort }}
{{- if eq .Values.liveness.enabled true }}
env:
- name: REPLICAS
value: "{{ .Values.replicaCount }}"
+{{- if not .Values.global.aafEnabled }}
+ - name: KEYSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-pass" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-pass" "key" "password") | indent 12 }}
+{{- end }}
volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /home/apexuser/config
name: apexconfig
resources:
-{{ include "common.resources" . | indent 12 }}
+{{ include "common.resources" . }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
#################################################################
global:
nodePortPrefix: 302
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+ envsubstImage: dibi/envsubst
+ aafEnabled: true
persistence: {}
#################################################################
password: '{{ .Values.restServer.password }}'
- uid: truststore-pass
type: password
- externalSecret: '{{ tpl (default "" .Values.truststore.passwordExternalSecret) . }}'
- password: '{{ .Values.truststore.password }}'
- policy: required
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
+ - uid: keystore-pass
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
password: zb!XztG34
truststore:
password: Pol1cy_0nap
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
+
+certInitializer:
+ nameOverride: policy-apex-pdp-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: policy
+ fqi: policy@policy.onap.org
+ public_fqdn: policy.onap.org
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ uid: 101
+ gid: 102
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass
+ {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12");
+ echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci;
+ echo "export KEYSTORE_PASSWORD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+ chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
# default number of instances
replicaCount: 1
enabled: false
# Resource Limit flavor -By Default using small
-flavor: small
# Segregation for Different environment (Small and Large)
+flavor: small
resources:
small:
limits:
# ============LICENSE_START=======================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# ============LICENSE_START=======================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: common
version: ~6.x-0
repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
"name": "PolicyProviderParameterGroup",
"implementation": "org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl",
"databaseDriver": "org.mariadb.jdbc.Driver",
- "databaseUrl": "jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/policyadmin",
+ "databaseUrl": "jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin",
"databaseUser": "${SQL_USER}",
"databasePassword": "${SQL_PASSWORD_BASE64}",
"persistenceUnit": "PolicyMariaDb"
-<!--\r
- ============LICENSE_START=======================================================\r
- Copyright (C) 2020 Bell Canada. All rights reserved.\r
- ================================================================================\r
- Licensed under the Apache License, Version 2.0 (the "License");\r
- you may not use this file except in compliance with the License.\r
- You may obtain a copy of the License at\r
- http://www.apache.org/licenses/LICENSE-2.0\r
- Unless required by applicable law or agreed to in writing, software\r
- distributed under the License is distributed on an "AS IS" BASIS,\r
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- See the License for the specific language governing permissions and\r
- limitations under the License.\r
- SPDX-License-Identifier: Apache-2.0\r
- ============LICENSE_END=========================================================\r
--->\r
-\r
-<configuration scan="true" scanPeriod="30 seconds" debug="false">\r
-\r
- <appender name="ErrorOut"\r
- class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/api/error.log</file>\r
- <rollingPolicy\r
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/api/error.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">\r
- <level>WARN</level>\r
- </filter>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncErrorOut"\r
- class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="ErrorOut" />\r
- </appender>\r
-\r
- <appender name="DebugOut"\r
- class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/api/debug.log</file>\r
- <rollingPolicy\r
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/api/debug.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncDebugOut"\r
- class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="DebugOut" />\r
- </appender>\r
-\r
- <appender name="NetworkOut"\r
- class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/api/network.log</file>\r
- <rollingPolicy\r
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/api/network.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncNetworkOut"\r
- class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="NetworkOut" />\r
- </appender>\r
-\r
- <appender name="MetricOut"\r
- class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/api/metric.log</file>\r
- <rollingPolicy\r
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/api/metric.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}|%X{AlertSeverity}|%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncMetricOut"\r
- class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="MetricOut" />\r
- </appender>\r
-\r
- <appender name="TransactionOut"\r
- class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/api/audit.log</file>\r
- <rollingPolicy\r
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/api/audit.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}|%X{AlertSeverity}|%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncTransactionOut"\r
- class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="TransactionOut" />\r
- </appender>\r
-\r
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">\r
- <encoder>\r
- <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="STDOUT" />\r
- </appender>\r
-\r
- <logger name="network" level="INFO" additivity="false">\r
- <appender-ref ref="AsyncNetworkOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </logger>\r
-\r
- <logger name="org.eclipse.jetty.server.RequestLog" level="info"\r
- additivity="false">\r
- <appender-ref ref="AsyncNetworkOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </logger>\r
-\r
- <logger name="org.eclipse.jetty" level="ERROR" />\r
-\r
- <root level="INFO">\r
- <appender-ref ref="AsyncDebugOut" />\r
- <appender-ref ref="AsyncErrorOut" />\r
- <appender-ref ref="AsyncMetricOut" />\r
- <appender-ref ref="AsyncTransactionOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </root>\r
-\r
-</configuration>\r
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2020 Bell Canada. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/api/error.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/api/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/api/debug.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/api/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/api/network.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/api/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="MetricOut"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/api/metric.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/api/metric.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}|%X{AlertSeverity}|%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncMetricOut"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="MetricOut" />
+ </appender>
+
+ <appender name="TransactionOut"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/api/audit.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/api/audit.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}|%X{AlertSeverity}|%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncTransactionOut"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="TransactionOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info"
+ additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty" level="ERROR" />
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncMetricOut" />
+ <appender-ref ref="AsyncTransactionOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </root>
+
+</configuration>
# ============LICENSE_START=======================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright (C) 2020 Nordix Foundation.
+# Modified Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
metadata:
name: {{ include "common.fullname" . }}-configmap
namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
{{- with .Files.Glob "resources/config/*store" }}
binaryData:
{{- range $path, $bytes := . }}
spec:
initContainers:
- command:
- - /root/ready.py
+ - /root/job_complete.py
args:
- - --container-name
- - {{ include "common.release" . }}-galera-config
+ - --job-name
+ - {{ include "common.release" . }}-policy-galera-config
env:
- name: NAMESPACE
valueFrom:
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
-
- command:
- sh
args:
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-
+{{ include "common.certInitializer.initContainer" . | indent 8 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{- if .Values.global.aafEnabled }}
+ command: ["bash","-c"]
+ args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
+ cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\
+ /opt/app/policy/api/bin/policy-api.sh /opt/app/policy/api/etc/mounted/config.json"]
+{{- else }}
command: ["/opt/app/policy/api/bin/policy-api.sh"]
args: ["/opt/app/policy/api/etc/mounted/config.json"]
+ env:
+ - name: KEYSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+{{- end }}
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /opt/app/policy/api/etc/mounted
name: apiconfig-processed
resources:
-{{ include "common.resources" . | indent 12 }}
+{{ include "common.resources" . }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
nodePortPrefix: 304
persistence: {}
envsubstImage: dibi/envsubst
+ aafEnabled: true
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
#################################################################
# Secrets metaconfig
login: '{{ .Values.restServer.user }}'
password: '{{ .Values.restServer.password }}'
passwordPolicy: required
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
+
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
+
+certInitializer:
+ nameOverride: policy-api-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: policy
+ fqi: policy@policy.onap.org
+ public_fqdn: policy.onap.org
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ uid: 100
+ gid: 101
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass
+ {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12");
+ echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
+ echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+ chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
+
#################################################################
# Application configuration defaults.
db:
user: policy_user
password: policy_user
+ service:
+ name: policy-mariadb
+ internalPort: 3306
+
restServer:
user: healthcheck
password: zb!XztG34
ingress:
enabled: false
-resources: {}
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 200m
+ memory: 2Gi
+ unlimited: {}
+
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright (C) 2020 AT&T. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: common
version: ~6.x-0
repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
-<!--\r
- ============LICENSE_START=======================================================\r
- Copyright (C) 2020 Bell Canada. All rights reserved.\r
- ================================================================================\r
- Licensed under the Apache License, Version 2.0 (the "License");\r
- you may not use this file except in compliance with the License.\r
- You may obtain a copy of the License at\r
- http://www.apache.org/licenses/LICENSE-2.0\r
- Unless required by applicable law or agreed to in writing, software\r
- distributed under the License is distributed on an "AS IS" BASIS,\r
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- See the License for the specific language governing permissions and\r
- limitations under the License.\r
- SPDX-License-Identifier: Apache-2.0\r
- ============LICENSE_END=========================================================\r
--->\r
-\r
-<configuration scan="true" scanPeriod="30 seconds" debug="false">\r
-\r
- <appender name="ErrorOut"\r
- class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/distribution/error.log</file>\r
- <rollingPolicy\r
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/distribution/error.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">\r
- <level>WARN</level>\r
- </filter>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncErrorOut"\r
- class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="ErrorOut" />\r
- </appender>\r
-\r
- <appender name="DebugOut"\r
- class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/distribution/debug.log</file>\r
- <rollingPolicy\r
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/distribution/debug.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncDebugOut"\r
- class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="DebugOut" />\r
- </appender>\r
-\r
- <appender name="NetworkOut"\r
- class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/distribution/network.log</file>\r
- <rollingPolicy\r
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/distribution/network.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncNetworkOut"\r
- class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="NetworkOut" />\r
- </appender>\r
-\r
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">\r
- <encoder>\r
- <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="STDOUT" />\r
- </appender>\r
-\r
- <logger name="network" level="INFO" additivity="false">\r
- <appender-ref ref="AsyncNetworkOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </logger>\r
-\r
- <logger name="org.eclipse.jetty.server.RequestLog" level="info"\r
- additivity="false">\r
- <appender-ref ref="AsyncNetworkOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </logger>\r
-\r
- <root level="INFO">\r
- <appender-ref ref="AsyncDebugOut" />\r
- <appender-ref ref="AsyncErrorOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </root>\r
-\r
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2020 Bell Canada. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/distribution/error.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/distribution/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/distribution/debug.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/distribution/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/distribution/network.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/distribution/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info"
+ additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </root>
+
</configuration>
\ No newline at end of file
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright (C) 2020 Nordix Foundation.
+# Modifications Copyright (C) 2020 AT&T Intellectual Property.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
metadata:
name: {{ include "common.fullname" . }}-configmap
namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
{{- with .Files.Glob "resources/config/*store" }}
binaryData:
{{- range $path, $bytes := . }}
+# ============LICENSE_START=======================================================
+# Copyright (C) 2020 AT&T Intellectual Property.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
apiVersion: apps/v1
kind: Deployment
metadata:
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{- if .Values.global.aafEnabled }}
+ command: ["bash","-c"]
+ args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
+ cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\
+ /opt/app/policy/distribution/bin/policy-dist.sh /opt/app/policy/distribution/etc/mounted/config.json"]
+{{- else }}
command: ["/opt/app/policy/distribution/bin/policy-dist.sh"]
args: ["/opt/app/policy/distribution/etc/mounted/config.json"]
+ env:
+ - name: KEYSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+{{- end }}
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /opt/app/policy/distribution/etc/mounted
name: distributionconfig
resources:
-{{ include "common.resources" . | indent 12 }}
+{{ include "common.resources" . }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
login: '{{ .Values.sdcBe.user }}'
password: '{{ .Values.sdcBe.password }}'
passwordPolicy: required
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
#################################################################
# Global configuration defaults.
global:
persistence: {}
envsubstImage: dibi/envsubst
+ aafEnabled: true
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
#################################################################
# Application configuration defaults.
sdcBe:
user: policy
password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
+
+certInitializer:
+ nameOverride: policy-distribution-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: policy
+ fqi: policy@policy.onap.org
+ public_fqdn: policy.onap.org
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ uid: 100
+ gid: 101
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass
+ {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12");
+ echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci;
+ echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+ chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
# default number of instances
replicaCount: 1
ingress:
enabled: false
-resources: {}
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 200m
+ memory: 2Gi
+ unlimited: {}
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018, 2020 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
apiVersion: v1
-description: ONAP Drools Policy Engine
-name: drools
+description: ONAP Drools Policy Engine (PDP-D)
+name: policy-drools-pdp
version: 6.0.0
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018, 2020 AT&T Intellectual Property
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
# nexus repository
SNAPSHOT_REPOSITORY_ID=policy-nexus-snapshots
-SNAPSHOT_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.nexus.port}}/nexus/content/repositories/snapshots/
+SNAPSHOT_REPOSITORY_URL=http://{{.Values.nexus.name}}:{{.Values.nexus.port}}/nexus/content/repositories/snapshots/
RELEASE_REPOSITORY_ID=policy-nexus-releases
-RELEASE_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.nexus.port}}/nexus/content/repositories/releases/
+RELEASE_REPOSITORY_URL=http://{{.Values.nexus.name}}:{{.Values.nexus.port}}/nexus/content/repositories/releases/
REPOSITORY_OFFLINE={{.Values.nexus.offline}}
# Relational (SQL) DB access
-SQL_HOST={{ .Values.global.mariadb.service.name }}
+SQL_HOST={{ .Values.db.name }}
# AAF
-<!--\r
- ============LICENSE_START=======================================================\r
- Copyright (C) 2020 Bell Canada. All rights reserved.\r
- ================================================================================\r
- Licensed under the Apache License, Version 2.0 (the "License");\r
- you may not use this file except in compliance with the License.\r
- You may obtain a copy of the License at\r
- http://www.apache.org/licenses/LICENSE-2.0\r
- Unless required by applicable law or agreed to in writing, software\r
- distributed under the License is distributed on an "AS IS" BASIS,\r
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- See the License for the specific language governing permissions and\r
- limitations under the License.\r
- SPDX-License-Identifier: Apache-2.0\r
- ============LICENSE_END=========================================================\r
--->\r
-\r
-<configuration scan="true" scanPeriod="30 seconds" debug="false">\r
-\r
- <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/pdpd/error.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/pdpd/error.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">\r
- <level>WARN</level>\r
- </filter>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="ErrorOut" />\r
- </appender>\r
-\r
- <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/pdpd/debug.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/pdpd/debug.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="DebugOut" />\r
- </appender>\r
-\r
- <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/pdpd/network.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/pdpd/network.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="NetworkOut" />\r
- </appender>\r
-\r
- <appender name="MetricOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/pdpd/metric.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/pdpd/metric.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" />\r
- <encoder>\r
- <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncMetricOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="MetricOut" />\r
- </appender>\r
-\r
- <appender name="TransactionOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/pdpd/audit.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/pdpd/audit.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" />\r
- <encoder>\r
- <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncTransactionOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="TransactionOut" />\r
- </appender>\r
-\r
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">\r
- <encoder>\r
- <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="STDOUT" />\r
- </appender>\r
-\r
- <appender name="MetricStdOut" class="ch.qos.logback.core.ConsoleAppender">\r
- <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" />\r
- <encoder>\r
- <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncMetricStdOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="MetricStdOut" />\r
- </appender>\r
-\r
- <appender name="TransactionStdOut" class="ch.qos.logback.core.ConsoleAppender">\r
- <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" />\r
- <encoder>\r
- <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncTransactionStdOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="TransactionStdOut" />\r
- </appender>\r
-\r
- <logger name="network" level="INFO" additivity="false">\r
- <appender-ref ref="AsyncNetworkOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </logger>\r
-\r
- <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">\r
- <appender-ref ref="AsyncNetworkOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </logger>\r
-\r
- <root level="INFO">\r
- <appender-ref ref="AsyncDebugOut" />\r
- <appender-ref ref="AsyncErrorOut" />\r
- <appender-ref ref="AsyncMetricOut" />\r
- <appender-ref ref="AsyncTransactionOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- <appender-ref ref="AsyncMetricStdOut" />\r
- <appender-ref ref="AsyncTransactionStdOut" />\r
- </root>\r
-\r
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2020 Bell Canada. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpd/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpd/error.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpd/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpd/debug.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpd/network.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpd/network.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="MetricOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpd/metric.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpd/metric.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" />
+ <encoder>
+ <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncMetricOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="MetricOut" />
+ </appender>
+
+ <appender name="TransactionOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpd/audit.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpd/audit.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" />
+ <encoder>
+ <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncTransactionOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="TransactionOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <appender name="MetricStdOut" class="ch.qos.logback.core.ConsoleAppender">
+ <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" />
+ <encoder>
+ <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncMetricStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="MetricStdOut" />
+ </appender>
+
+ <appender name="TransactionStdOut" class="ch.qos.logback.core.ConsoleAppender">
+ <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" />
+ <encoder>
+ <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncTransactionStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="TransactionStdOut" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncMetricOut" />
+ <appender-ref ref="AsyncTransactionOut" />
+ <appender-ref ref="AsyncStdOut" />
+ <appender-ref ref="AsyncMetricStdOut" />
+ <appender-ref ref="AsyncTransactionStdOut" />
+ </root>
+
</configuration>
\ No newline at end of file
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2019 AT&T
+# Modifications Copyright © 2018-2020 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
metadata:
name: {{ include "common.fullname" . }}-configmap
namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
{{- with .Files.Glob "resources/configmaps/*{.zip,store}" }}
binaryData:
{{- range $path, $bytes := . }}
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2019 AT&T
+# Modifications Copyright © 2018-2020 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - /root/job_complete.py
+ args:
+ - --job-name
+ - {{ include "common.release" . }}-policy-galera-config
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-db-readiness
+{{- if not .Values.nexus.offline }}
- command:
- /root/ready.py
args:
- --container-name
- - {{ include "common.release" . }}-galera-config
- - --container-name
- - {{ .Values.global.nexus.nameOverride }}
+ - {{ .Values.nexus.name }}
env:
- name: NAMESPACE
valueFrom:
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+{{- end }}
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["bash","-c"]
+ args: ["if [ -f {{ .Values.certInitializer.credsPath }}/.ci ]; then \
+ source {{ .Values.certInitializer.credsPath }}/.ci; fi;\
+ /opt/app/policy/bin/pdpd-cl-entrypoint.sh boot"]
ports:
- containerPort: {{ .Values.service.externalPort }}
- containerPort: {{ .Values.service.externalPort2 }}
- name: SQL_PASSWORD
{{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
name: drools-config
subPath: {{ base $path }}
{{- end }}
- - mountPath: /var/log/onap
- name: policy-logs
resources:
-{{ include "common.resources" . | indent 12 }}
+{{ include "common.resources" . }}
{{- if .Values.nodeSelector }}
- - image: "{{ .Values.global.loggingRepository | default .Values.loggingRepository }}/{{ .Values.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: filebeat-onap
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- name: filebeat-conf
- subPath: filebeat.yml
- - mountPath: /var/log/onap
- name: policy-logs
- - mountPath: /usr/share/filebeat/data
- name: policy-data-filebeat
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{- end -}}
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
- - name: filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-filebeat-configmap
- - name: policy-logs
- emptyDir: {}
- - name: policy-data-filebeat
- emptyDir: {}
- name: drools-config
configMap:
name: {{ include "common.fullname" . }}-configmap
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2020 AT&T
+# Modifications Copyright © 2018-2020 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
nodePortPrefix: 302
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- ubuntuImage: ubuntu:16.04
+ envsubstImage: dibi/envsubst
+ aafEnabled: true
#################################################################
# Secrets metaconfig
service:
type: ClusterIP
- name: drools
- portName: drools
+ name: policy-drools-pdp
+ portName: policy-drools-pdp
internalPort: 6969
externalPort: 6969
nodePort: 17
# Default installation values to be overridden
+certInitializer:
+ nameOverride: policy-drools-pdp-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: policy
+ fqi: policy@policy.onap.org
+ public_fqdn: policy.onap.org
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ uid: 1000
+ gid: 1000
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass
+ {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12");
+ echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci;
+ echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+ chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
+
server:
jvmOpts: -server -XshowSettings:vm
password: demo123456!
nexus:
+ name: policy-nexus
+ port: 8081
user: admin
password: admin123
- port: 8081
offline: true
db:
+ name: policy-mariadb
user: policy_user
password: policy_user
svcPort: 9111
# Resource Limit flavor -By Default using small
+# Segregation for Different environment (small, large, or unlimited)
flavor: small
-# Segregation for Different environment (Small and Large)
resources:
small:
limits:
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018-2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v1
description: ONAP Policy Nexus
-name: nexus
+name: policy-nexus
version: 6.0.0
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018-2020 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- mountPath: /sonatype-work
name: nexus-data
resources:
-{{ include "common.resources" . | indent 12 }}
+{{- if eq .Values.resources.flavor "large" }}
+{{ toYaml .Values.resources.large | indent 12 }}
+{{- else }}
+{{ toYaml .Values.resources.small | indent 12 }}
+{{- end -}}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2019 AT&T
+# Modifications Copyright © 2018-2020 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
service:
type: ClusterIP
- name: nexus
- portName: nexus
+ name: policy-nexus
+ portName: policy-nexus
externalPort: 8081
internalPort: 8081
nodePort: 36
accessMode: ReadWriteOnce
size: 2Gi
mountPath: /dockerdata-nfs
- mountSubPath: nexus/data
+ mountSubPath: policy/nexus/data
-# Resource Limit flavor -By Default using small
-flavor: small
# Segregation for Different environment (Small and Large)
+# Resource Limit flavor - By Default using small
resources:
+ flavor: small
small:
limits:
cpu: 1
# ============LICENSE_START=======================================================
# Copyright (C) 2019 Nordix Foundation.
+# Modified Copyright (C) 2020 AT&T Intellectual Property.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v1
description: ONAP Policy Administration (PAP)
-name: pap
+name: policy-pap
version: 6.0.0
# ============LICENSE_START=======================================================
# Copyright (C) 2019 Nordix Foundation.
+# Modified Copyright (C) 2020 AT&T Intellectual Property.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: common
version: ~6.x-0
repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
"name": "PolicyProviderParameterGroup",
"implementation": "org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl",
"databaseDriver": "org.mariadb.jdbc.Driver",
- "databaseUrl": "jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/{{ .Values.global.mariadb.config.mysqlDatabase }}",
+ "databaseUrl": "jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin",
"databaseUser": "${SQL_USER}",
"databasePassword": "${SQL_PASSWORD_BASE64}",
"persistenceUnit": "PolicyMariaDb"
-<!--\r
- ============LICENSE_START=======================================================\r
- Copyright (C) 2020 Bell Canada. All rights reserved.\r
- ================================================================================\r
- Licensed under the Apache License, Version 2.0 (the "License");\r
- you may not use this file except in compliance with the License.\r
- You may obtain a copy of the License at\r
- http://www.apache.org/licenses/LICENSE-2.0\r
- Unless required by applicable law or agreed to in writing, software\r
- distributed under the License is distributed on an "AS IS" BASIS,\r
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- See the License for the specific language governing permissions and\r
- limitations under the License.\r
- SPDX-License-Identifier: Apache-2.0\r
- ============LICENSE_END=========================================================\r
--->\r
-\r
-<configuration scan="true" scanPeriod="30 seconds" debug="false">\r
-\r
- <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/pap/error.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/pap/error.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">\r
- <level>WARN</level>\r
- </filter>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="ErrorOut" />\r
- </appender>\r
-\r
- <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/pap/debug.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/pap/debug.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="DebugOut" />\r
- </appender>\r
-\r
- <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/pap/network.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/pap/network.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="NetworkOut" />\r
- </appender>\r
-\r
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">\r
- <encoder>\r
- <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="STDOUT" />\r
- </appender>\r
-\r
- <logger name="network" level="INFO" additivity="false">\r
- <appender-ref ref="AsyncNetworkOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </logger>\r
-\r
- <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">\r
- <appender-ref ref="AsyncNetworkOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </logger>\r
-\r
- <root level="INFO">\r
- <appender-ref ref="AsyncDebugOut" />\r
- <appender-ref ref="AsyncErrorOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </root>\r
-\r
-</configuration>\r
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2020 Bell Canada. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pap/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pap/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pap/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pap/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pap/network.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pap/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </root>
+
+</configuration>
# ============LICENSE_START=======================================================
# Copyright (C) 2019-2020 Nordix Foundation. All rights reserved.
+# Modifications Copyright (C) 2020 AT&T Intellectual Property.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
metadata:
name: {{ include "common.fullname" . }}-configmap
namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
{{- with .Files.Glob "resources/config/*store" }}
binaryData:
{{- range $path, $bytes := . }}
+# ============LICENSE_START=======================================================
+# Copyright (C) 2020 AT&T Intellectual Property.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
apiVersion: apps/v1
kind: Deployment
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
initContainers:
- command:
- - /root/ready.py
+ - /root/job_complete.py
args:
- - --container-name
- - {{ .Values.global.mariadb.service.name }}
+ - --job-name
+ - {{ include "common.release" . }}-policy-galera-config
env:
- name: NAMESPACE
valueFrom:
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
-
- command:
- sh
args:
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{- if .Values.global.aafEnabled }}
+ command: ["bash","-c"]
+ args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
+ cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\
+ /opt/app/policy/pap/bin/policy-pap.sh /opt/app/policy/pap/etc/mounted/config.json"]
+{{- else }}
command: ["/opt/app/policy/pap/bin/policy-pap.sh"]
args: ["/opt/app/policy/pap/etc/mounted/config.json"]
+ env:
+ - name: KEYSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+{{- end }}
ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /opt/app/policy/pap/etc/mounted
name: papconfig-processed
resources:
-{{ include "common.resources" . | indent 12 }}
+{{ include "common.resources" . }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
nodePortPrefixExt: 304
persistence: {}
envsubstImage: dibi/envsubst
+ aafEnabled: true
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
#################################################################
# Secrets metaconfig
login: '{{ .Values.healthCheckRestClient.distribution.user }}'
password: '{{ .Values.healthCheckRestClient.distribution.password }}'
passwordPolicy: required
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
+
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
+
+certInitializer:
+ nameOverride: policy-pap-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: policy
+ fqi: policy@policy.onap.org
+ public_fqdn: policy.onap.org
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ uid: 100
+ gid: 101
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass
+ {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12");
+ echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
+ echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+ chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
+
#################################################################
# Application configuration defaults.
db:
user: policy_user
password: policy_user
+ service:
+ name: policy-mariadb
+ internalPort: 3306
+
restServer:
user: healthcheck
password: zb!XztG34
+
healthCheckRestClient:
api:
user: healthcheck
ingress:
enabled: false
-resources: {}
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 200m
+ memory: 2Gi
+ unlimited: {}
+
# ============LICENSE_START=======================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# ============LICENSE_END=========================================================
apiVersion: v1
-description: ONAP Policy XACML PDP
+description: ONAP Policy XACML PDP (PDP-X)
name: policy-xacml-pdp
version: 6.0.0
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
-<!--\r
- ============LICENSE_START=======================================================\r
- Copyright (C) 2020 Bell Canada. All rights reserved.\r
- ================================================================================\r
- Licensed under the Apache License, Version 2.0 (the "License");\r
- you may not use this file except in compliance with the License.\r
- You may obtain a copy of the License at\r
- http://www.apache.org/licenses/LICENSE-2.0\r
- Unless required by applicable law or agreed to in writing, software\r
- distributed under the License is distributed on an "AS IS" BASIS,\r
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- See the License for the specific language governing permissions and\r
- limitations under the License.\r
- SPDX-License-Identifier: Apache-2.0\r
- ============LICENSE_END=========================================================\r
--->\r
-\r
-<configuration scan="true" scanPeriod="30 seconds" debug="false">\r
-\r
- <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/pdpx/error.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/pdpx/error.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">\r
- <level>WARN</level>\r
- </filter>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="ErrorOut" />\r
- </appender>\r
-\r
- <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/pdpx/debug.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/pdpx/debug.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="DebugOut" />\r
- </appender>\r
-\r
- <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/pdpx/network.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/pdpx/network.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="NetworkOut" />\r
- </appender>\r
-\r
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">\r
- <encoder>\r
- <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="STDOUT" />\r
- </appender>\r
-\r
- <logger name="network" level="INFO" additivity="false">\r
- <appender-ref ref="AsyncNetworkOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </logger>\r
-\r
- <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">\r
- <appender-ref ref="AsyncNetworkOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </logger>\r
-\r
- <root level="INFO">\r
- <appender-ref ref="AsyncDebugOut" />\r
- <appender-ref ref="AsyncErrorOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </root>\r
-\r
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2020 Bell Canada. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpx/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpx/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpx/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpx/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpx/network.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpx/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </root>
+
</configuration>
\ No newline at end of file
# JPA Properties
#
javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver
-javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/operationshistory
+javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/operationshistory
javax.persistence.jdbc.user=${SQL_USER}
javax.persistence.jdbc.password=${SQL_PASSWORD_BASE64}
# ============LICENSE_START=======================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright (C) 2020 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
metadata:
name: {{ include "common.fullname" . }}-configmap
namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
{{- with .Files.Glob "resources/config/*store" }}
binaryData:
{{- range $path, $bytes := . }}
+# ============LICENSE_START=======================================================
+# Copyright (C) 2020 AT&T Intellectual Property.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
apiVersion: apps/v1
kind: Deployment
metadata:
spec:
initContainers:
- command:
- - /root/ready.py
+ - /root/job_complete.py
args:
- - --container-name
- - {{ include "common.release" . }}-galera-config
+ - --job-name
+ - {{ include "common.release" . }}-policy-galera-config
env:
- name: NAMESPACE
valueFrom:
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{- if .Values.global.aafEnabled }}
+ command: ["bash","-c"]
+ args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
+ cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\
+ /opt/app/policy/pdpx/bin/policy-pdpx.sh /opt/app/policy/pdpx/etc/mounted/config.json"]
+{{- else }}
command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"]
args: ["/opt/app/policy/pdpx/etc/mounted/config.json"]
+ env:
+ - name: KEYSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+{{- end }}
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
emptyDir:
medium: Memory
resources:
-{{ include "common.resources" . | indent 12 }}
+{{ include "common.resources" . }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
# ============LICENSE_START=======================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
global:
persistence: {}
envsubstImage: dibi/envsubst
+ aafEnabled: true
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
#################################################################
# Secrets metaconfig
login: '{{ .Values.apiServer.user }}'
password: '{{ .Values.apiServer.password }}'
passwordPolicy: required
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
+
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
+
+certInitializer:
+ nameOverride: policy-xacml-pdp-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: policy
+ fqi: policy@policy.onap.org
+ public_fqdn: policy.onap.org
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ uid: 100
+ gid: 101
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass
+ {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12");
+ echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
+ echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+ chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
+
#################################################################
# Application configuration defaults.
db:
user: policy_user
password: policy_user
+ service:
+ name: policy-mariadb
+ internalPort: 3306
+
restServer:
user: healthcheck
password: zb!XztG34
+
apiServer:
user: healthcheck
password: zb!XztG34
ingress:
enabled: false
-resources: {}
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 200m
+ memory: 2Gi
+ unlimited: {}
+
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018, 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
dependencies:
- name: common
version: ~6.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
repository: '@local'
- name: mariadb-galera
version: ~6.x-0
repository: '@local'
+ - name: policy-nexus
+ version: ~6.x-0
+ repository: 'file://components/policy-nexus'
+ condition: policy-nexus.enabled
+ - name: policy-api
+ version: ~6.x-0
+ repository: 'file://components/policy-api'
+ condition: policy-api.enabled
+ - name: policy-pap
+ version: ~6.x-0
+ repository: 'file://components/policy-pap'
+ condition: policy-pap.enabled
+ - name: policy-xacml-pdp
+ version: ~6.x-0
+ repository: 'file://components/policy-xacml-pdp'
+ condition: policy-xacml-pdp.enabled
+ - name: policy-apex-pdp
+ version: ~6.x-0
+ repository: 'file://components/policy-apex-pdp'
+ condition: policy-apex-pdp.enabled
+ - name: policy-drools-pdp
+ version: ~6.x-0
+ repository: 'file://components/policy-drools-pdp'
+ condition: policy-drools-pdp.enabled
+ - name: policy-distribution
+ version: ~6.x-0
+ repository: 'file://components/policy-distribution'
+ condition: policy-distribution.enabled
+#!/bin/bash -x
# Copyright © 2017 Amdocs, Bell Canada, AT&T
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018, 2020 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-#!/bin/bash -xv
mysql() { /usr/bin/mysql -h ${MYSQL_HOST} -P ${MYSQL_USER} "$@"; };
+
for db in support onap_sdk log migration operationshistory10 pooling policyadmin operationshistory
do
mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};"
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
--->
-<configuration debug="true" scan="true" scanPeriod="3 seconds">
- <!--
- Logback files for the ECOMP SDK Application "ecomp_app"
- are created in directory ${catalina.base}/logs/ecomp_app;
- e.g., apache-tomcat-8.0.35/logs/ecomp_app/application.log
- -->
- <!--<jmxConfigurator /> -->
- <!-- specify the base path of the log directory -->
- <property name="logDir" value="/var/log/onap" />
- <!-- specify the component name -->
- <property name="componentName" value="policy" />
- <!-- specify the sub component name -->
- <property name="subComponentName" value="ep_sdk_app" />
- <!-- The directories where logs are written -->
- <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
- <property name="pattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />
- <!-- log file names -->
- <property name="generalLogName" value="application" />
- <property name="errorLogName" value="error" />
- <property name="metricsLogName" value="metrics" />
- <property name="auditLogName" value="audit" />
- <property name="debugLogName" value="debug" />
- <property name="queueSize" value="256" />
- <property name="maxFileSize" value="50MB" />
- <property name="maxHistory" value="30" />
- <property name="totalSizeCap" value="10GB" />
- <!--
- These loggers are not used in code (yet).
- <property name="securityLogName" value="security" />
- <property name="policyLogName" value="policy" />
- <property name="performanceLogName" value="performance" />
- <property name="serverLogName" value="server" />
- -->
- <!-- Example evaluator filter applied against console appender -->
- <appender class="ch.qos.logback.core.ConsoleAppender" name="STDOUT">
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <!-- ============================================================================ -->
- <!-- EELF Appenders -->
- <!-- ============================================================================ -->
- <!-- The EELFAppender is used to record events to the general application
- log -->
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELF">
- <file>${logDirectory}/${generalLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- daily rollover -->
- <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- <filter class="org.openecomp.portalapp.util.CustomLoggingFilter" />
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELF">
- <queueSize>${queueSize}</queueSize>
- <!-- Class name is part of caller data -->
- <includeCallerData>true</includeCallerData>
- <appender-ref ref="EELF" />
- </appender>
- <!-- EELF Audit Appender. This appender is used to record audit engine
- related logging events. The audit logger and appender are specializations
- of the EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
- these events as part of the application root log. -->
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFAudit">
- <file>${logDirectory}/${auditLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- daily rollover -->
- <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFAudit">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFAudit" />
- </appender>
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFMetrics">
- <file>${logDirectory}/${metricsLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- daily rollover -->
- <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFMetrics">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFMetrics" />
- </appender>
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFError">
- <file>${logDirectory}/${errorLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- daily rollover -->
- <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>INFO</level>
- </filter>
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFError">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFError" />
- </appender>
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFDebug">
- <file>${logDirectory}/${debugLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- daily rollover -->
- <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFDebug">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFDebug" />
- <includeCallerData>true</includeCallerData>
- </appender>
- <!-- ============================================================================ -->
- <!-- EELF loggers -->
- <!-- ============================================================================ -->
- <logger additivity="false" level="info" name="com.att.eelf.audit">
- <appender-ref ref="asyncEELFAudit" />
- </logger>
- <logger additivity="false" level="info" name="com.att.eelf.metrics">
- <appender-ref ref="asyncEELFMetrics" />
- </logger>
- <logger additivity="false" level="info" name="com.att.eelf.error">
- <appender-ref ref="asyncEELFError" />
- </logger>
- <logger additivity="false" level="debug" name="com.att.eelf.debug">
- <appender-ref ref="asyncEELFDebug" />
- </logger>
- <root level="INFO">
- <appender-ref ref="asyncEELFDebug" />
- </root>
-</configuration>
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
--->
-
-<configuration debug="true" scan="true" scanPeriod="3 seconds">
- <!--<jmxConfigurator /> -->
- <!-- specify the base path of the log directory -->
- <property name="logDir" value="/var/log/onap" />
- <!-- specify the component name -->
- <property name="componentName" value="policy" />
- <!-- specify the sub component name -->
- <property name="subComponentName" value="xacml-pap-rest" />
- <!-- The directories where logs are written -->
- <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
- <property name="pattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />
- <!-- log file names -->
- <property name="errorLogName" value="error" />
- <property name="metricsLogName" value="metrics" />
- <property name="auditLogName" value="audit" />
- <property name="debugLogName" value="debug" />
- <property name="queueSize" value="256" />
- <property name="maxFileSize" value="50MB" />
- <property name="maxHistory" value="30" />
- <property name="totalSizeCap" value="10GB" />
- <!-- Example evaluator filter applied against console appender -->
- <appender class="ch.qos.logback.core.ConsoleAppender" name="STDOUT">
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <!-- ============================================================================ -->
- <!-- EELF Appenders -->
- <!-- ============================================================================ -->
- <!-- The EELFAppender is used to record events to the general application
- log -->
- <!-- EELF Audit Appender. This appender is used to record audit engine
- related logging events. The audit logger and appender are specializations
- of the EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
- these events as part of the application root log. -->
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFAudit">
- <file>${logDirectory}/${auditLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFAudit">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFAudit" />
- </appender>
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFMetrics">
- <file>${logDirectory}/${metricsLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
- %msg%n"</pattern> -->
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFMetrics">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFMetrics" />
- </appender>
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFError">
- <file>${logDirectory}/${errorLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>INFO</level>
- </filter>
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFError">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFError" />
- </appender>
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFDebug">
- <file>${logDirectory}/${debugLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFDebug">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFDebug" />
- <includeCallerData>true</includeCallerData>
- </appender>
- <!-- ============================================================================ -->
- <!-- EELF loggers -->
- <!-- ============================================================================ -->
- <logger additivity="false" level="info" name="com.att.eelf.audit">
- <appender-ref ref="asyncEELFAudit" />
- </logger>
- <logger additivity="false" level="info" name="com.att.eelf.metrics">
- <appender-ref ref="asyncEELFMetrics" />
- </logger>
- <logger additivity="false" level="info" name="com.att.eelf.error">
- <appender-ref ref="asyncEELFError" />
- </logger>
- <logger additivity="false" level="debug" name="com.att.eelf.debug">
- <appender-ref ref="asyncEELFDebug" />
- </logger>
- <root level="INFO">
- <appender-ref ref="asyncEELFDebug" />
- </root>
-</configuration>
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# configs component installation configuration parameters
-
-# tomcat specific parameters
-
-TOMCAT_JMX_PORT=9993
-TOMCAT_SHUTDOWN_PORT=8090
-SSL_HTTP_CONNECTOR_PORT=8443
-SSL_HTTP_CONNECTOR_REDIRECT_PORT=8443
-SSL_AJP_CONNECTOR_PORT=8383
-SSL_AJP_CONNECTOR_REDIRECT_PORT=8443
-
-TOMCAT_X_MS_MB=2048
-TOMCAT_X_MX_MB=2048
-
-# ------------------ console properties ---------------------------
-
-#
-# Authorization Policy
-
-ROOT_POLICIES=admin
-ADMIN_FILE=Policy-Admin.xml
-
-
-# Set your domain here:
-
-REST_ADMIN_DOMAIN=com
-
-#
-# Location where the GIT repository is located
-#
-REST_ADMIN_REPOSITORY=repository
-
-#
-# Location where all the user workspaces are located.
-#
-REST_ADMIN_WORKSPACE=/opt/app/policy/servers/console/bin/workspace
-
-#
-# These can be set so the Admin Console knows who is logged on. Ideally, you can run the console in a J2EE
-# container and setup authentication as you please. Setting HttpSession attribute values will override these
-# values set in the properties files.
-#
-# ((HttpServletRequest) request).getSession().setAttribute("xacml.rest.admin.user.name", "Homer");
-#
-# The default policy: Policy-Admin.xml is extremely simple.
-#
-# You can test authorization within the Admin Console by changing the user id.
-# There are 3 supported user ids:
-# guest - Read only access
-# editor - Read/Write access
-# admin - Read/Write/Admin access
-#
-# An empty or null value for xacml.rest.admin.user.id results in no access to the application at all.
-#
-# This is for development/demonstration purposes only. A production environment should provide authentication which is
-# outside the scope of this application. This application can be used to develop a XACML policy for user authorization
-# within this application.
-#
-
-REST_ADMIN_USER_NAME=Administrator
-REST_ADMIN_USER_ID=super-admin
-
-#
-#
-# Property to declare the max time frame for logs.
-#
-LOG_TIMEFRAME=30
-
-# Property to declare the number of visible rows for users in MicroService Policy
-COLUMN_COUNT=3
-
-# Dashboard refresh rate in miliseconds
-REFRESH_RATE=40000
-
-#
-# URL location for the PAP servlet.
-#
-
-
-REST_PAP_URL=https://{{.Values.global.pap.nameOverride}}:{{.Values.service.externalPort2}}/pap/
-
-#
-# Config/Action Properties location.
-#
-
-REST_CONFIG_HOME=/opt/app/policy/servers/pap/webapps/Config/
-REST_ACTION_HOME=/opt/app/policy/servers/pap/webapps/Action/
-REST_CONFIG_URL=https://{{.Values.global.pap.nameOverride}}:{{.Values.service.externalPort2}}/
-REST_CONFIG_WEBAPPS=/opt/app/policy/servers/pap/webapps/
-
-# PAP account information
-CONSOLE_PAP_HTTP_USER_ID=testpap
-CONSOLE_PAP_HTTP_PASSWORD=alpha123
-
-
-node_type=pap_admin
-resource_name=console_1
-
-# The (optional) period of time in seconds between executions of the integrity audit.
-# Value < 0 : Audit does not run (default value if property is not present = -1)
-# Value = 0 : Audit runs continuously
-# Value > 0 : The period of time in seconds between execution of the audit on a particular node
-integrity_audit_period_seconds=-1
-
-#Automatic Policy Distribution
-automatic_push=false
-
-#Diff of policies for Firewall feature
-FW_GETURL=
-FW_AUTHOURL=
-FW_PROXY=
-FW_PORT=
-
-#SMTP Server Details for Java Mail
-onap_smtp_host=
-onap_smtp_port=25
-onap_smtp_userName=
-onap_smtp_password=
-onap_smtp_emailExtension=
-onap_application_name=
-
-#-----------------------ONAP-PORTAL-Properties----------------------
-
-ONAP_REDIRECT_URL=https://portal.api.simpledemo.onap.org:30225/ONAPPORTAL/login.htm
-ONAP_REST_URL=https://portal-app:8443/ONAPPORTAL/auxapi
-ONAP_UEB_URL_LIST=
-ONAP_PORTAL_INBOX_NAME=
-ONAP_UEB_APP_KEY=ueb_key_5
-ONAP_UEB_APP_SECRET=ueb_key_5
-ONAP_UEB_APP_MAILBOX_NAME=
-APP_DISPLAY_NAME=ONAP Policy
-ONAP_SHARED_CONTEXT_REST_URL=http://portal-app.{{.Release.Namespace}}:8989/ONAPPORTAL/context
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# elasticsearch
-
-ELK_JMX_PORT=9995
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# mysql scripts component installation configuration parameters
-
-# Path to mysql bin
-MYSQL_BIN=/usr/local/mysql/bin
-
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#! /bin/bash
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# pap component installation configuration parameters
-
-# tomcat specific parameters
-
-TOMCAT_JMX_PORT=9990
-TOMCAT_SHUTDOWN_PORT=9405
-SSL_HTTP_CONNECTOR_PORT=9091
-SSL_AJP_CONNECTOR_PORT=8380
-SSL_AJP_CONNECTOR_REDIRECT_PORT=8443
-
-TOMCAT_X_MS_MB=1024
-TOMCAT_X_MX_MB=1024
-
-# pap properties
-
-PAP_PDPS=/opt/app/policy/servers/pap/bin/pdps
-PAP_URL=https://{{ include "common.servicename" . }}:{{.Values.service.externalPort2}}/pap/
-
-PAP_INITIATE_PDP=true
-PAP_HEARTBEAT_INTERVAL=10000
-PAP_HEARTBEAT_TIMEOUT=10000
-
-REST_ADMIN_DOMAIN=com
-REST_ADMIN_REPOSITORY=repository
-REST_ADMIN_WORKSPACE=workspace
-
-# PDP related properties
-PAP_PDP_URL=https://{{ include "common.release" . }}-{{ .Values.global.pdp.nameOverride }}-0.{{ .Values.global.pdp.nameOverride }}.{{ include "common.namespace" . }}.svc.cluster.local:{{ .Values.config.pdpPort }}/pdp/,testpdp,alpha123;https://{{ include "common.release" . }}-{{ .Values.global.pdp.nameOverride }}-1.{{ .Values.global.pdp.nameOverride }}.{{ include "common.namespace" . }}.svc.cluster.local:{{ .Values.config.pdpPort }}/pdp/,testpdp,alpha123;https://{{ include "common.release" . }}-{{ .Values.global.pdp.nameOverride }}-2.{{ .Values.global.pdp.nameOverride }}.{{ include "common.namespace" . }}.svc.cluster.local:{{ .Values.config.pdpPort }}/pdp/,testpdp,alpha123;https://{{ include "common.release" . }}-{{ .Values.global.pdp.nameOverride }}-3.{{ .Values.global.pdp.nameOverride }}.{{ include "common.namespace" . }}.svc.cluster.local:{{ .Values.config.pdpPort }}/pdp/
-PAP_PDP_HTTP_USER_ID=testpdp
-PAP_PDP_HTTP_PASSWORD=alpha123
-
-PAP_HTTP_USER_ID=testpap
-PAP_HTTP_PASSWORD=alpha123
-
-#new values added 10-21-2015
-PROP_PAP_TRANS_WAIT=500000
-PROP_PAP_TRANS_TIMEOUT=5000
-PROP_PAP_AUDIT_TIMEOUT=300000
-PROP_PAP_RUN_AUDIT_FLAG=true
-PROP_PAP_AUDIT_FLAG=true
-
-PROP_PAP_INCOMINGNOTIFICATION_TRIES=4
-
-
-node_type=pap
-resource_name=pap_1
-dependency_groups=paplp_1
-test_via_jmx=true
-
-# The (optional) period of time in seconds between executions of the integrity audit.
-# Value < 0 : Audit does not run (default value if property is not present = -1)
-# Value = 0 : Audit runs continuously
-# Value > 0 : The period of time in seconds between execution of the audit on a particular node
-integrity_audit_period_seconds=-1
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# JVM specific parameters
-LOGPARSER_JMX_PORT=9996
-LOGPARSER_X_MS_MB=1024
-LOGPARSER_X_MX_MB=1024
-
-SERVER=https://{{ include "common.servicename" . }}:{{.Values.service.externalPort2}}/pap/
-LOGPATH=/var/log/onap/policy/pap/pap-rest.log
-PARSERLOGPATH=/opt/app/policy/servers/paplp/bin/IntegrityMonitor.log
-
-node_type=logparser
-# the java property is RESOURCE_NAME (uppercase), but the conf parameter is lowercase
-resource_name=paplp_1
+++ /dev/null
-# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018, 2020 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-log-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/xacml-pap-rest/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-sdk-log-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/ep_sdk_app/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-pe-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/pe/*").AsConfig . | indent 2 }}
----
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-db-configmap
namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/db.sh").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `ls -1 *.conf`; do envsubst <${PFILE} >/config/${PFILE}; done"
- env:
- - name: JDBC_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- - name: JDBC_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- volumeMounts:
- - mountPath: /config-input
- name: pe
- - mountPath: /config
- name: pe-processed
- image: "{{ .Values.global.envsubstImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
- - command:
- - /root/ready.py
- args:
- - --container-name
- - {{ include "common.release" . }}-galera-config
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - command:
- - /bin/bash
- - ./do-start.sh
- - pap
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- ports:
- - containerPort: {{ .Values.service.externalPort }}
- - containerPort: {{ .Values.service.externalPort2 }}
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.externalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.externalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: PRELOAD_POLICIES
- value: "{{ .Values.config.preloadPolicies }}"
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /tmp/policy-install/config/pap-tweaks.sh
- name: pe-pap
- subPath: pap-tweaks.sh
- - mountPath: /tmp/policy-install/config/paplp.conf
- name: pe-pap
- subPath: paplp.conf
- - mountPath: /tmp/policy-install/config/pap.conf
- name: pe-pap
- subPath: pap.conf
- - mountPath: /tmp/policy-install/config/mysql.conf
- name: pe-pap
- subPath: mysql.conf
- - mountPath: /tmp/policy-install/config/elk.conf
- name: pe-pap
- subPath: elk.conf
- - mountPath: /tmp/policy-install/config/console.conf
- name: pe-pap
- subPath: console.conf
- - mountPath: /tmp/policy-install/config/base.conf
- name: pe-processed
- subPath: base.conf
- - mountPath: /tmp/policy-install/do-start.sh
- name: pe-scripts
- subPath: do-start.sh
- - mountPath: /var/log/onap
- name: policy-logs
- - mountPath: /tmp/policy-install/logback.xml
- name: policy-sdk-logback
- subPath: logback.xml
- - mountPath: /tmp/logback.xml
- name: policy-logback
- subPath: logback.xml
- lifecycle:
- postStart:
- exec:
- command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/opt/app/policy/servers/pap/webapps/pap/WEB-INF/classes/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; export SRC=/tmp/policy-install/logback.xml; export DST=/opt/app/policy/servers/console/webapps/onap/WEB-INF/classes/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
- - image: "{{ .Values.global.loggingRepository | default .Values.loggingRepository }}/{{ .Values.global.loggingImage | default .Values.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: filebeat-onap
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- name: filebeat-conf
- subPath: filebeat.yml
- - mountPath: /var/log/onap
- name: policy-logs
- - mountPath: /usr/share/filebeat/data
- name: policy-data-filebeat
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-filebeat-configmap
- - name: policy-logs
- emptyDir: {}
- - name: policy-data-filebeat
- emptyDir: {}
- - name: policy-logback
- configMap:
- name: {{ include "common.fullname" . }}-log-configmap
- - name: policy-sdk-logback
- configMap:
- name: {{ include "common.fullname" . }}-sdk-log-configmap
- - name: pe
- configMap:
- name: {{ include "common.release" . }}-pe-configmap
- defaultMode: 0755
- - name: pe-scripts
- configMap:
- name: {{ include "common.release" . }}-pe-scripts-configmap
- defaultMode: 0777
- - name: pe-pap
- configMap:
- name: {{ include "common.fullname" . }}-pe-configmap
- defaultMode: 0755
- - name: pe-processed
- emptyDir:
- medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
# Copyright © 2018 Amdocs, Bell Canada
+# Modifications Copyright © 2020 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: batch/v1
kind: Job
metadata:
- name: {{ include "common.release" . }}-galera-config
+ name: {{ include "common.release" . }}-policy-galera-config
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}-job
apiVersion: v1
fieldPath: metadata.namespace
containers:
- - name: {{ include "common.release" . }}-galera-config
+ - name: {{ include "common.release" . }}-policy-galera-config
image: {{ .Values.mariadb_image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2019 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }}
- - port: {{ .Values.service.externalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2020 AT&T
+# Modifications Copyright © 2018-2020 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Global configuration defaults.
#################################################################
global:
- nodePortPrefix: 302
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- envsubstImage: dibi/envsubst
- ubuntuImage: ubuntu:16.04
- pdp:
- nameOverride: pdp
- pap:
- nameOverride: pap
- drools:
- nameOverride: drools
- brmwgw:
- nameOverride: brmsgw
- nexus:
- nameOverride: nexus
+ aafEnabled: true
mariadb:
# '&mariadbConfig' means we "store" the values for later use in the file
# with '*mariadbConfig' pointer.
password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
passwordPolicy: generate
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.6.4
-mariadb_image: library/mariadb:10
-pullPolicy: Always
-
-subChartsOnly:
- enabled: true
-
db: &dbSecretsHook
credsExternalSecret: *dbSecretName
-pap:
- nameOverride: pap
+policy-api:
+ enabled: true
db: *dbSecretsHook
-pdp:
- nameOverride: pdp
+policy-pap:
+ enabled: true
db: *dbSecretsHook
-drools:
- nameOverride: drools
+policy-xacml-pdp:
+ enabled: true
db: *dbSecretsHook
-brmsgw:
- nameOverride: brmsgw
+policy-apex-pdp:
+ enabled: true
db: *dbSecretsHook
-policy-api:
+policy-drools-pdp:
+ enabled: true
db: *dbSecretsHook
-policy-xacml-pdp:
+policy-distribution:
+ enabled: true
db: *dbSecretsHook
+policy-nexus:
+ enabled: true
+
+#################################################################
+# DB configuration defaults.
+#################################################################
+
+repository: nexus3.onap.org:10001
+mariadb_image: library/mariadb:10
+pullPolicy: Always
-nexus:
- nameOverride: nexus
+subChartsOnly:
+ enabled: true
# flag to enable debugging - application support required
debugEnabled: false
-# application configuration
-config:
- preloadPolicies: false
- pdpPort: 8081
-
# default number of instances
replicaCount: 1
initialDelaySeconds: 10
periodSeconds: 10
-service:
- type: NodePort
- name: pap
- portName: pap
- internalPort: 8443
- externalPort: 8443
- nodePort: 19
- internalPort2: 9091
- externalPort2: 9091
- nodePort2: 18
-
-ingress:
- enabled: false
- service:
- - baseaddr: "policy.api"
- name: "pap"
- port: 8443
- config:
- ssl: "redirect"
-
mariadb-galera:
# mariadb-galera.config and global.mariadb.config must be equals
config:
[mysqld]
lower_case_table_names = 1
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 8Gi
- requests:
- cpu: 20m
- memory: 2Gi
- unlimited: {}
.project
.idea/
*.tmproj
+# avoid 1MB limit
+components/
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-{
- "MainMenu": "gamma",
- "dbConnLimit": "100",
- "home": "/opt/admportal",
- "sslEnabled": "true",
- "nonSslPort": "8543",
- "ConexusNetworkPort": "{{.Values.service.internalPort}}",
- "AppNetworkPort": "8543",
- "clusterPort": "8443",
- "serviceHomingServiceType": "SDN-ETHERNET-INTERNET",
- "passwordKey": "QtfJMKggVk",
- "preloadImportDirectory": "C:/data/csv",
- "clusterPrefixURL": "/jolokia/read/org.opendaylight.controller:Category=Shards,name=member-",
- "clusterMidURL": "-shard-",
- "clusterSuffixURL": "-config,type=DistributedConfigDatastore",
- "shards": [
- "default",
- "inventory",
- "topology"
- ],
- "dbFabric": "false",
- "ip-addresses": {
- "lo": "127.0.0.1",
- "eth0": "127.0.0.1",
- "docker0": "172.17.0.1",
- "virbr0": "192.168.122.1"
- },
- "svclogicPropertiesDb01": "{{.Values.config.configDir}}/svclogic.properties.sdnctldb01",
- "databases": [
- "{{include "common.mariadbService" $}}|sdnc-sdnctldb01.{{.Release.Namespace}}"
- ],
- "dbFabricServer": "localhost",
- "dbFabricPort": "32275",
- "dbFabricGroupId": "hagroup1",
- "dbFabricUser": "${DB_FABRIC_USER}",
- "dbFabricPassword": "${DB_FABRIC_PASSWORD",
- "dbFabricDB": "{{.Values.config.dbFabricDB}}",
- "dbUser": "${SDNC_DB_USER}",
- "dbPassword": "${SDNC_DB_PASSWORD}",
- "dbName": "{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}",
- "odlProtocol": "http",
- "odlHost": "sdnc.{{.Release.Namespace}}",
- "odlConexusHost": "sdnc.{{.Release.Namespace}}",
- "odlPort": "8181",
- "odlConexusPort": "8181",
- "odlUser": "${ODL_USER}",
- "odlPasswd": "${ODL_PASSWORD}",
- "ConexusNetwork_sslCert": "{{.Values.config.storesDir}}/org.onap.sdnc.p12",
- "ConexusNetwork_sslKey": "${KEYSTORE_PASSWORD}",
- "AppNetwork_sslCert": "",
- "AppNetwork_sslKey": "",
- "hostnameList": [
- {
- "hname": "localhost"
- }
- ],
- "shard_list": [
- {
- "shard_name": "default"
- },
- {
- "shard_name": "inventory"
- },
- {
- "shard_name": "topology"
- }
- ]
-}
+++ /dev/null
-###
-# ============LICENSE_START=======================================================
-# Copyright (C) 2018 ONAP Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-###
-org.onap.ccsdk.sli.dbtype=jdbc
-org.onap.ccsdk.sli.jdbc.hosts=sdnctldb01
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
-org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver
-org.onap.ccsdk.sli.jdbc.database={{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
-org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER}
-org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWORD}
-org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01
-org.onap.ccsdk.sli.jdbc.connection.timeout=50
-org.onap.ccsdk.sli.jdbc.request.timeout=100
-org.onap.ccsdk.sli.jdbc.limit.init=10
-org.onap.ccsdk.sli.jdbc.limit.min=10
-org.onap.ccsdk.sli.jdbc.limit.max=20
-org.onap.dblib.connection.recovery=false
+++ /dev/null
-org.openecomp.sdnctl.sli.dbtype = jdbc
-org.openecomp.sdnctl.sli.jdbc.url = jdbc:mysql://sdnc-sdnctldb01:3306/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
-org.openecomp.sdnctl.sli.jdbc.database = {{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
-org.openecomp.sdnctl.sli.jdbc.user = ${SDNC_DB_USER}
-org.openecomp.sdnctl.sli.jdbc.password = ${SDNC_DB_PASSWORD}
+++ /dev/null
-org.openecomp.sdnctl.sli.dbtype = jdbc
-org.openecomp.sdnctl.sli.jdbc.url = jdbc:mysql://sdnc-sdnctldb02:3306/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
-org.openecomp.sdnctl.sli.jdbc.database = {{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
-org.openecomp.sdnctl.sli.jdbc.user = ${SDNC_DB_USER}
-org.openecomp.sdnctl.sli.jdbc.password = ${SDNC_DB_PASSWORD}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
- env:
- - name: SDNC_DB_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- - name: SDNC_DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- - name: DB_FABRIC_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "fabric-db-creds" "key" "login") | indent 10 }}
- - name: DB_FABRIC_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "fabric-db-creds" "key" "password") | indent 10 }}
- - name: ODL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }}
- - name: ODL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
- - name: KEYSTORE_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 10 }}
- volumeMounts:
- - mountPath: /config-input
- name: config-input
- - mountPath: /config
- name: properties
- image: "{{ .Values.global.envsubstImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
-
- - command:
- - /root/ready.py
- args:
- - --container-name
- - {{ include "common.mariadbService" . }}
- - --container-name
- - {{ .Values.config.sdncChartName }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - name: {{ include "common.name" . }}
- command: ["/bin/bash"]
- args: ["-c", "cd /opt/onap/sdnc/admportal/shell && ./start_portal.sh"]
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: MYSQL_ROOT_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-password" "key" "password") | indent 14 }}
- - name: SDNC_CONFIG_DIR
- value: "{{ .Values.config.configDir }}"
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: {{ .Values.config.configDir }}/admportal.json
- name: properties
- subPath: admportal.json
- - mountPath: {{ .Values.config.configDir }}/dblib.properties
- name: properties
- subPath: dblib.properties
- - mountPath: {{ .Values.config.configDir }}/svclogic.properties
- name: properties
- subPath: svclogic.properties
- - mountPath: {{ .Values.config.configDir }}/svclogic.properties.sdnctldb01
- name: properties
- subPath: svclogic.properties
- - mountPath: {{ .Values.config.configDir }}/svclogic.properties.sdnctldb02
- name: properties
- subPath: svclogic.properties.sdnctldb02
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: config-input
- configMap:
- name: {{ include "common.fullname" . }}
- defaultMode: 0644
- - name: properties
- emptyDir:
- medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2020 Samsung, Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.ingress" . }}
+++ /dev/null
-{{/*
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "sdnc-portal",
- "version": "v1",
- "url": "/",
- "protocol": "UI",
- "port": "{{ .Values.service.externalPort }}",
- "visualRange":"0|1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- # envsusbt
- envsubstImage: dibi/envsubst
-
- mariadbGalera:
- #This flag allows SO to instantiate its own mariadb-galera cluster
- #If shared instance is used, this chart assumes that DB already exists
- localCluster: false
- service: mariadb-galera
- internalPort: 3306
- nameOverride: mariadb-galera
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: db-root-password
- type: password
- externalSecret: '{{ .Values.global.mariadbGalera.localCluster | ternary (default (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride"))) (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) }}'
- password: '{{ index .Values "mariadb-galera" "config" "mariadbRootPassword" }}'
- passwordPolicy: required
- - uid: db-secret
- name: &dbSecretName '{{ include "common.release" . }}-sdnc-portal-db-secret'
- type: basicAuth
- # This is a nasty trick that allows you override this secret using external one
- # with the same field that is used to pass this to subchart
- externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-portal-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
- login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
- password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
- passwordPolicy: required
- - uid: odl-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}'
- login: '{{ .Values.config.odlUser }}'
- password: '{{ .Values.config.odlPassword }}'
- passwordPolicy: required
- - uid: fabric-db-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}'
- login: '{{ .Values.config.dbFabricUser }}'
- password: '{{ .Values.config.dbFabricPassword }}'
- passwordPolicy: required
- - uid: keystore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.config.KeyStorePwdExternalSecret) . }}'
- password: '{{ .Values.config.keystorePwd }}'
- passwordPolicy: required
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/admportal-sdnc-image:1.8.4
-config:
- dbFabricDB: mysql
- dbFabricUser: admin
- dbFabricPassword: admin
- # dbFabricDBCredsExternalSecret: some secret
- sdncChartName: sdnc
- configDir: /opt/onap/sdnc/data/properties
- storesDir: /opt/onap/sdnc/data/stores
- odlUser: admin
- odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
- # odlCredsExternalSecret: some secret
- keystorePwd: ff^G9D]yf&r}Ktum@BJ0YB?N
- # keystorePwdExternalSecret: some secret
-
-mariadb-galera:
- config:
- userCredentialsExternalSecret: *dbSecretName
- userName: sdnctl
- userPassword: gamma
- mysqlDatabase: sdnctl
- nameOverride: sdnc-portal-galera
- service:
- name: sdnc-portal-galera
- portName: sdnc-portal-galera
- internalPort: 3306
- replicaCount: 1
- persistence:
- enabled: true
- mountSubPath: sdnc-portal/maria/data
-
-# default number of instances
-replicaCount: 0
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 180
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 60
- periodSeconds: 10
-
-service:
- type: NodePort
- name: sdnc-portal
- portName: sdnc-portal
- internalPort: 8443
- externalPort: 8443
- nodePort: "01"
-
-ingress:
- enabled: false
- service:
- - baseaddr: "sdnc-portal.api"
- name: "sdnc-portal"
- port: 8443
- config:
- ssl: "redirect"
-
-#Resource limit flavor -By default using small
-flavor: small
-#segregation for different environment (small and large)
-
-resources:
- small:
- limits:
- cpu: 1
- memory: 1Gi
- requests:
- cpu: 0.5
- memory: 500Mi
- large:
- limits:
- cpu: 2
- memory: 2Gi
- requests:
- cpu: 1
- memory: 1Gi
- unlimited: {}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
selector:
matchLabels:
app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
selector:
matchLabels:
app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
targetPort: {{ .Values.service.internalPort }}
name: {{ .Values.service.name }}
selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ app.kubernetes.io/instance: {{ include "common.release" . }}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
selector:
matchLabels:
app: {{ include "common.name" . }}
replicas: 1
+ selector: {{- include "common.selectors" . | nindent 4 }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2020 highstreet technologies GmbH
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
apiVersion: v1
-description: SDN-C Admin Portal
-name: sdnc-portal
-version: 6.0.0
\ No newline at end of file
+description: SDN-C Web Server
+name: sdnc-web
+version: 6.0.0
+# Copyright © 2020 highstreet technologies GmbH
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
dependencies:
- name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: certInitializer
version: ~6.x-0
repository: '@local'
\ No newline at end of file
--- /dev/null
+# Copyright © 2020 highstreet technologies GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ serviceName: "sdnc-web"
+ replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers: {{ include "common.certInitializer.initContainer" . | indent 6 }}
+ - name: {{ include "common.name" . }}-readiness
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - {{ .Values.config.sdncChartName }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{- include "common.containerPorts" . | indent 10 }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: WEBPROTOCOL
+ value: {{ .Values.config.webProtocol }}
+ - name: WEBPORT
+ value: {{ .Values.config.webPort | quote }}
+ - name: SDNRPROTOCOL
+ value: {{ .Values.config.sdnrProtocol }}
+ - name: SDNRHOST
+ value: {{ .Values.config.sdnrHost }}.{{ include "common.namespace" . }}
+ - name: SDNRPORT
+ value: {{ .Values.config.sdnrPort | quote }}
+ - name: SSL_CERT_DIR
+ value: {{ .Values.config.sslCertDir }}
+ - name: SSL_CERTIFICATE
+ value: {{ .Values.config.sslCertiticate }}
+ - name: SSL_CERTIFICATE_KEY
+ value: {{ .Values.config.sslCertKey }}
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/* # Copyright © 2020 highstreet technologies GmbH
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- include "common.service" . -}}
+
--- /dev/null
+# Copyright © 2020 highstreet technologies GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ aafEnabled: true
+ nodePortPrefix: 322
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+ k8scluster: svc.cluster.local
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: "onap/sdnc-web-image:1.8.3"
+pullPolicy: Always
+
+config:
+ sdncChartName: sdnc
+ webProtocol: HTTPS
+ webPort: 8443
+ #sdnrProtocol: HTTPS
+ sdnrProtocol: HTTPS
+ #sdnrHost: "sdnc.onap"
+ sdnrHost: "sdnc"
+ sdnrPort: "8443"
+ sslCertDir: "/opt/app/osaaf/local/certs"
+ sslCertiticate: "cert.pem"
+ sslCertKey: "key.pem"
+
+
+#################################################################
+# aaf configuration defaults.
+#################################################################
+certInitializer:
+ nameOverride: sdnc-web-cert-initializer
+ fqdn: "sdnc"
+ app_ns: "org.osaaf.aaf"
+ fqi: "sdnc@sdnc.onap.org"
+ fqi_namespace: "org.onap.sdnc"
+ public_fqdn: "sdnc.onap.org"
+ aafDeployFqi: "deployer@people.osaaf.org"
+ aafDeployPass: demo123456!
+ cadi_latitude: "38.0"
+ cadi_longitude: "-72.0"
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ cd /opt/app/osaaf/local;
+ mkdir -p certs;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
+ keytool -exportcert -rfc -file certs/cacert.pem -keystore {{ .Values.fqi_namespace }}.trust.jks -alias ca_local_0 -storepass $cadi_truststore_password;
+ openssl pkcs12 -in {{ .Values.fqi_namespace }}.p12 -out certs/cert.pem -passin pass:$cadi_keystore_password_p12 -passout pass:$cadi_keystore_password_p12;
+ cp {{ .Values.fqi_namespace }}.key certs/key.pem;
+ chmod -R 755 certs;
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 180
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+
+service:
+ name: sdnc-web
+ suffix: service
+ type: NodePort
+ sessionAffinity: ClientIP
+ # for liveness and readiness probe only
+ # internalPort:
+ internalPort: 8443
+ ports:
+ - name: "sdnc-web"
+ port: "8443"
+ nodePort: "05"
+
+#ingress:
+# enabled: false
+
+#Resource limit flavor -By default using small
+flavor: small
+#segregation for different environment (small and large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 0.5
+ memory: 500Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ unlimited: {}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
selector:
matchLabels:
app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs, Bell Canada,
+# Copyright © 2020 highstreet technologies GmbH
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: certInitializer
version: ~6.x-0
repository: '@local'
+ - name: logConfiguration
+ version: ~6.x-0
+ repository: '@local'
- name: network-name-gen
version: ~6.x-0
repository: '@local'
+ condition: network-name-gen.enabled
- name: dgbuilder
version: ~6.x-0
repository: '@local'
+ condition: dgbuilder.enabled
- name: sdnc-prom
version: ~6.x-0
repository: '@local'
- name: elasticsearch
version: ~6.x-0
repository: '@local'
+ condition: config.sdnr.enabled
+ # conditions for sdnc-subcharts
+ - name: dmaap-listener
+ version: ~6.x-0
+ repository: 'file://components/dmaap-listener/'
+ condition: sdnc.dmaap-listener.enabled,dmaap-listener.enabled
+ - name: ueb-listener
+ version: ~6.x-0
+ repository: 'file://components/ueb-listener/'
+ condition: sdnc.ueb-listener.enabled,ueb-listener.enabled
+ - name: sdnc-ansible-server
+ version: ~6.x-0
+ repository: 'file://components/sdnc-ansible-server/'
+ condition: sdnc.sdnc-ansible-server.enabled,sdnc-ansible-server.enabled
+ - name: sdnc-web
+ version: ~6.x-0
+ repository: 'file://components/sdnc-web/'
+ condition: sdnc.sdnc-web.enabled,sdnc-web.enabled
+
+
+
--- /dev/null
+[general]
+dmaapEnabled={{.Values.config.sdnr.mountpointRegistrarEnabled | default "false"}}
+{{ if .Values.global.aafEnabled }}
+baseUrl=https://localhost:{{.Values.service.internalPort4}}
+{{- else }}
+baseUrl=http://localhost:{{.Values.service.internalPort}}
+{{- end }}
+sdnrUser=${ODL_ADMIN_USERNAME}
+sdnrPasswd=${ODL_ADMIN_PASSWORD}
+
+[fault]
+faultConsumerClass=org.onap.ccsdk.features.sdnr.wt.mountpointregistrar.impl.DMaaPFaultVESMsgConsumer
+TransportType=HTTPNOAUTH
+host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort | default "3904"}}
+topic=unauthenticated.SEC_FAULT_OUTPUT
+contenttype=application/json
+group=myG
+id=C1
+timeout=50000
+limit=10000
+
+[pnfRegistration]
+pnfRegConsumerClass=org.onap.ccsdk.features.sdnr.wt.mountpointregistrar.impl.DMaaPPNFRegVESMsgConsumer
+TransportType=HTTPNOAUTH
+host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort | default "3904"}}
+topic=unauthenticated.VES_PNFREG_OUTPUT
+contenttype=application/json
+group=myG
+id=C1
+timeout=50000
+limit=10000
--- /dev/null
+[general]
+dmaapEnabled={{.Values.config.sdnr.mountpointStateProviderEnabled | default "false"}}
+TransportType=HTTPNOAUTH
+host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort | default "3904"}}
+topic=unauthenticated.SDNR_MOUNTPOINT_STATE_INFO
+contenttype=application/json
+timeout=20000
+limit=10000
+maxBatchSize=100
+maxAgeMs=250
+MessageSentThreadOccurance=50
log4j2.rootLogger.appenderRef.DebugFile.ref = DebugFile
log4j2.rootLogger.appenderRef.ErrorFile.ref = ErrorFile
log4j2.rootLogger.appenderRef.Console.filter.threshold.type = ThresholdFilter
-log4j2.rootLogger.appenderRef.Console.filter.threshold.level = ${karaf.log.console:-OFF}
+log4j2.rootLogger.appenderRef.Console.filter.threshold.level = ${env:KARAF_CONSOLE_LOG_LEVEL\:-OFF}
log4j2.bundle.info = %X{bundle.id} - %.50X{bundle.name} - %X{bundle.version}
# Veracode: Address Improper Output Neutralization for Logs CWE ID 117 flaw
log4j2.appender.error.strategy.fileIndex = min
log4j2.appender.error.filter.threshold.type = ThresholdFilter
log4j2.appender.error.filter.threshold.level = WARN
-log4j2.appender.error.filter.threshold.match = ACCEPT
log4j2.appender.metric.type = RollingRandomAccessFile
log4j2.appender.metric.name = MetricFile
log4j2.appender.rr.strategy.fileIndex = min
log4j2.appender.security.type = RollingRandomAccessFile
-log4j2.appender.security.name = securityRollingFile
+log4j2.appender.security.name = SecurityFile
log4j2.appender.security.fileName = ${logDirectory}/${securityLogName}.log
log4j2.appender.security.filePattern = ${logDirectory}/${securityLogName}.log.%i
log4j2.appender.security.append = true
log4j2.logger.security.name = org.apache.karaf.jaas.modules.audit
log4j2.logger.security.level = INFO
log4j2.logger.security.additivity = false
-log4j2.logger.security.appenderRef.AuditRollingFile.ref = AuditRollingFile
+log4j2.logger.security.appenderRef.SecurityFile.ref = SecurityFile
log4j2.logger.audit.name = org.onap.logging.filter.base.AbstractAuditLogFilter
log4j2.logger.audit.level = INFO
image: onap/sdnc-ansible-server-image:1.7.0
dmaap-listener:
image: onap/sdnc-dmaap-listener-image:1.7.0
- sdnc-portal:
- image: onap/admportal-sdnc-image:1.7.0
ueb-listener:
image: onap/sdnc-ueb-listener-image:1.7.0
cds:
+{{- if .Values.dgbuilder.enabled -}}
{{/*
# Copyright © 2017 Amdocs, Bell Canada, AT&T
#
restartPolicy: Never
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{- end -}}
--- /dev/null
+# Copyright © 2020 highstreet technologies GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{ if .Values.config.sdnr.enabled -}}
+apiVersion: batch/v1
+kind: Job
+metadata: {{- include "common.resourceMetadata" (dict "suffix" "sdnrdb-init-job" "dot" . ) | nindent 2 }}
+spec:
+ backoffLimit: 20
+ template:
+ metadata: {{ include "common.templateMetadata" . | indent 6}}
+ spec:
+ initContainers:
+ {{ include "common.certInitializer.initContainer" . | indent 6 }}
+ {{ if .Values.global.aafEnabled }}
+ - name: {{ include "common.name" . }}-chown
+ image: "busybox"
+ command: ["sh", "-c", "chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certInitializer.credsPath }}"]
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ {{ end }}
+ - name: {{ include "common.name" . }}-readiness
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - {{.Values.elasticsearch.nameOverride}}-elasticsearch
+ - --container-name
+ - {{.Values.elasticsearch.nameOverride}}-nginx
+ - --container-name
+ - {{.Values.elasticsearch.nameOverride}}-master
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ containers:
+ - name: {{ include "common.name" . }}-sdnrdb-init-job
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["/bin/bash"]
+ args: ["-c", "{{ .Values.config.binDir }}/startODL.oom.sh"]
+ env:
+ - name: SDNC_AAF_ENABLED
+ value: "{{ .Values.global.aafEnabled}}"
+ - name: SDNC_HOME
+ value: "{{.Values.config.sdncHome}}"
+ - name: ETC_DIR
+ value: "{{.Values.config.etcDir}}"
+ - name: BIN_DIR
+ value: "{{.Values.config.binDir}}"
+ ## start sdnrdb parameter
+ - name: SDNRINIT
+ value: "true"
+ - name: SDNRDBURL
+ {{ if .Values.global.aafEnabled -}}
+ value: "https://{{ .Values.elasticsearch.service.name | default "sdnrdb"}}.{{.Release.Namespace}}:{{.Values.elasticsearch.service.port | default "9200"}}"
+ {{- else -}}
+ value: "http://{{ .Values.elasticsearch.service.name | default "sdnrdb"}}.{{.Release.Namespace}}:{{.Values.elasticsearch.service.port | default "9200"}}"
+ {{- end }}
+ - name: SDNRDBPARAMETER
+ value: "-k"
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: docker-entrypoint-initdb-d
+ emptyDir: {}
+ - name: bin
+ configMap:
+ name: {{ include "common.fullname" . }}-bin
+ defaultMode: 0755
+ - name: properties
+ configMap:
+ name: {{ include "common.fullname" . }}-properties
+ defaultMode: 0644
+{{ include "common.certInitializer.volumes" . | nindent 6 }}
+ restartPolicy: Never
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+
+{{ end -}}
\ No newline at end of file
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-
{{ include "common.secretFast" . }}
{{/*
# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2020 highstreet technologies GmbH
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
targetPort: {{ .Values.service.internalPort4 }}
{{ end }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
+ {{ if .Values.config.sdnr.enabled }}
+ Session Affinity: ClientIP
+ {{ end }}
selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ app.kubernetes.io/instance: {{ include "common.release" . }}
---
apiVersion: v1
kind: Service
port: {{ .Values.service.externalPort2 }}
targetPort: {{ .Values.service.internalPort2 }}
selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ app.kubernetes.io/instance: {{ include "common.release" . }}
---
apiVersion: v1
kind: Service
port: {{ .Values.service.clusterPort }}
clusterIP: None
selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ app.kubernetes.io/instance: {{ include "common.release" . }}
sessionAffinity: None
type: ClusterIP
{{/*
-# Copyright © 2020 Samsung Electronics
+# Copyright © 2020 Samsung Electronics, highstreet technologies GmbH
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
apiVersion: apps/v1
kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
selector:
matchLabels:
app: {{ include "common.name" . }}
serviceName: {{ include "common.servicename" . }}-cluster
replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
podManagementPolicy: Parallel
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-
+ {{ if .Values.dgbuilder.enabled -}}
- command:
- /root/ready.py
args:
+ {{ if or .Values.dgbuilder.enabled .Values.config.sdnr.enabled -}}
- --container-name
- {{ include "common.mariadbService" . }}
+ {{ end -}}
+ {{ if .Values.config.sdnr.enabled -}}
+ - --container-name
+ - {{ include "common.name" . }}-sdnrdb-init-job
+ {{ end -}}
env:
- name: NAMESPACE
valueFrom:
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
-
+ {{ end -}}
{{ include "common.certInitializer.initContainer" . | indent 6 }}
- name: {{ include "common.name" . }}-chown
image: "busybox"
- command: ["sh", "-c", "chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.persistence.mdsalPath }} ; chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certInitializer.credsPath }}"]
+ command:
+ - sh
+ args:
+ - -c
+ - chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.persistence.mdsalPath }}
+{{- if .Values.global.aafEnabled }}
+ - chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certInitializer.credsPath }}
+{{- end }}
volumeMounts:
{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: {{ .Values.persistence.mdsalPath }}
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if not .Values.config.sdnr.enabled }}
command: ["/bin/bash"]
args: ["-c", "/opt/onap/sdnc/bin/startODL.sh"]
+ {{ else }}
+ command: ["/bin/bash"]
+ args: ["-c", "{{ .Values.config.binDir }}/startODL.oom.sh"]
+ {{ end }}
ports:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.internalPort2 }}
value: {{ include "common.mariadbService" . }}
- name: JAVA_HOME
value: "{{ .Values.config.javaHome}}"
+ - name: KARAF_CONSOLE_LOG_LEVEL
+ value: "{{ include "common.log.level" . }}"
+ - name: SDNRWT
+ value: "{{ .Values.config.sdnr.enabled | default "false"}}"
+ {{- if eq .Values.config.sdnr.mode "web" }}
+ - name: SDNRDM
+ value: "true"
+ {{- end }}
+ - name: SDNRONLY
+ value: "{{ .Values.config.sdnr.sdnronly | default "false" }}"
+ - name: SDNRDBURL
+ {{- $prefix := ternary "https" "http" .Values.global.aafEnabled}}
+ value: "{{$prefix}}://{{ .Values.elasticsearch.service.name | default "sdnrdb"}}.{{.Release.Namespace}}:{{.Values.elasticsearch.service.port | default "9200"}}"
+ {{- if .Values.config.sdnr.sdnrdbTrustAllCerts }}
+ - name: SDNRDBTRUSTALLCERTS
+ value: "true"
+ {{ end }}
+
volumeMounts:
{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
- mountPath: {{ .Values.config.odl.binDir }}/setenv
name: properties
subPath: setenv
+ - mountPath: {{ .Values.config.odl.etcDir }}/mountpoint-registrar.properties
+ name: properties
+ subPath: mountpoint-registrar.properties
+ - mountPath: {{ .Values.config.odl.etcDir }}/mountpoint-state-provider.properties
+ name: properties
+ subPath: mountpoint-state-provider.properties
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
-# Copyright © 2020 Samsung Electronics
+# Copyright © 2020 Samsung Electronics, highstreet technologies GmbH
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
login: '{{ .Values.config.scaleoutUser }}'
password: '{{ .Values.config.scaleoutPassword }}'
passwordPolicy: required
-
#################################################################
# Application configuration defaults.
#################################################################
etcDir: /opt/opendaylight/etc
binDir: /opt/opendaylight/bin
salConfigDir: /opt/opendaylight/system/org/opendaylight/controller/sal-clustering-config
- salConfigVersion: 1.8.2
+ salConfigVersion: 1.9.1
akka:
seedNodeTimeout: 15s
circuitBreaker:
maxGCPauseMillis: 100
parallelGCThreads : 3
numberGGLogFiles: 10
+ # enables sdnr functionality
+ sdnr:
+ enabled: true
+ # mode: web - SDNC contains device manager only plus dedicated webserver service for ODLUX (default),
+ # mode: dm - SDNC contains sdnr device manager + ODLUX components
+ mode: dm
+ # sdnronly: true starts sdnc container with odl and sdnrwt features only
+ sdnronly: false
+ sdnrdbTrustAllCerts: true
+ mountpointRegistrarEnabled: false
+ mountpointStateProviderEnabled: false
+
+
# dependency / sub-chart configuration
certInitializer:
nameOverride: sdnc-cert-initializer
+ truststoreMountpath: /opt/onap/sdnc/data/stores
fqdn: "sdnc"
app_ns: "org.osaaf.aaf"
fqi: "sdnc@sdnc.onap.org"
cd /opt/app/osaaf/local;
/opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1
+# dependency / sub-chart configuration
+network-name-gen:
+ enabled: true
mariadb-galera: &mariadbGalera
nameOverride: sdnc-db
config: &mariadbGaleraConfig
enabled: false
dmaap-listener:
+ enabled: true
nameOverride: sdnc-dmaap-listener
mariadb-galera:
<<: *mariadbGalera
odlCredsExternalSecret: *odlCredsSecretName
ueb-listener:
+ enabled: true
mariadb-galera:
<<: *mariadbGalera
config:
configDir: /opt/onap/sdnc/data/properties
odlCredsExternalSecret: *odlCredsSecretName
-sdnc-portal:
- mariadb-galera:
- <<: *mariadbGalera
- config:
- <<: *mariadbGaleraConfig
- mysqlDatabase: *sdncDbName
- config:
- sdncChartName: sdnc
- configDir: /opt/onap/sdnc/data/properties
- odlCredsExternalSecret: *odlCredsSecretName
-
sdnc-ansible-server:
+ enabled: true
config:
restCredsExternalSecret: *ansibleSecretName
mariadb-galera:
internalPort: 8000
dgbuilder:
+ enabled: true
nameOverride: sdnc-dgbuilder
config:
db:
- baseaddr: "sdnc-dgbuilder"
name: "sdnc-dgbuilder"
port: 3000
+ - baseaddr: "sdnc-web-service"
+ name: "sdnc-web-service"
+ port: 8443
config:
ssl: "redirect"
+
+
# local elasticsearch cluster
localElasticCluster: true
elasticsearch:
fqi: "sdnc@sdnc.onap.org"
service:
name: sdnrdb
-
master:
replicaCount: 3
# dedicatednode: "yes"
# handles master and data node functionality
dedicatednode: "no"
nameOverride: sdnrdb
-
- curator:
- enabled: true
- nameOverride: sdnrdb
- data:
- enabled: true
- replicaCount: 1
- nameOverride: sdnrdb
-
-
+# enable
+sdnc-web:
+ enabled: false
# default number of instances
replicaCount: 1
value: "{{ .Values.global.config.mariadb_admin }}"
- name: MYSQL_ROOT_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
- - name: REDIS_ADDR
- value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
+ - name: REDIS_HOST
+ value: "{{ .Values.global.config.redisServiceName }}"
+ - name: REDIS_PORT
+ value: "{{ .Values.global.config.redisPort }}"
- name: REG_TO_MSB_WHEN_START
value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
# limitations under the License.
apiVersion: v1
-description: ONAP VFC - DB
+description: ONAP VFC - REDIS
name: vfc-redis
version: 6.0.0
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{ if .Values.liveness.enabled }}
targetPort: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}2
-
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName }}2
-
{{- end}}
selector:
app: {{ include "common.name" . }}
type: ClusterIP
name: vfc-redis
portName: vfc-redis
- externalPort: 3306
- internalPort: 3306
- externalPort2: 6379
- internalPort2: 6379
+ externalPort: 6379
+ internalPort: 6379
ingress:
enabled: false
value: "{{ .Values.global.config.mariadb_admin }}"
- name: MYSQL_ROOT_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
- - name: REDIS_ADDR
- value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
+ - name: REDIS_HOST
+ value: "{{ .Values.global.config.redisServiceName }}"
+ - name: REDIS_PORT
+ value: "{{ .Values.global.config.redisPort }}"
- name: REG_TO_MSB_WHEN_START
value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
- - name: REDIS_ADDR
- value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
+ - name: REDIS_HOST
+ value: "{{ .Values.global.config.redisServiceName }}"
+ - name: REDIS_PORT
+ value: "{{ .Values.global.config.redisPort }}"
- name: MYSQL_ROOT_USER
value: "{{ .Values.global.config.mariadb_admin }}"
- name: MYSQL_ROOT_PASSWORD
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
- - name: REDIS_ADDR
- value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
+ - name: REDIS_HOST
+ value: "{{ .Values.global.config.redisServiceName }}"
+ - name: REDIS_PORT
+ value: "{{ .Values.global.config.redisPort }}"
- name: MYSQL_ROOT_USER
value: "{{ .Values.global.config.mariadb_admin }}"
- name: MYSQL_ROOT_PASSWORD
Code Review / oom.git / commitdiff