# Contributing to OOM
Thanks for taking the time to contribute to OOM!
-Please see a few informations on how to dot it.
+Please see some information on how to do it.
## How to become a contributor and submit your own code
### Environment setup
-
-In order to be able to check on your side before submitting, you'll need to
-install some binaries:
+In order to be able to check on your side before submitting, you'll need to install some binaries:
* helm (satisfying the targeted version as seen in [setup guide](
-docs/oom_cloud_setup_guide.rst#software-requirements).
-* chartmuseum (in order to cm-push dependency charts)
-* helm cm-push (version 0.10.1 as of today)
+docs/oom_cloud_setup_guide.rst#software-requirements)).
+* chartmuseum (in order to push dependency charts)
+* helm push (version 0.10.1 as of today)
* make
### Linting and testing
+OOM uses helm linting in order to check that the template rendering is correct with default values.
-OOM use helm linting in order to check that the templates rendering is correct
-with default values.
-
-first step is to start chartmuseum:
+The first step is to start chartmuseum:
-```shell
+``` shell
nohup chartmuseum --storage="local" --storage-local-rootdir="/tmp/chartstorage" \
--port 6464 &
```
+or
+``` shell
+docker-compose up
+```
-then you add `local` repository to helm:
-
+then you add a `local` repository to helm:
```shell
-helm repo remove local && helm repo add local http://localhost:6464
+helm repo remove local || helm repo add local http://localhost:6464
```
-As full rendering may be extremely long (~9h), you can only lint the common
-part and the component you're working on.
+As full rendering may be extremely long (~9h), you may only want to lint the common part and the component you're working on.
Here's an example with AAI:
-
```shell
cd kubernetes
make common && make aai
```
-If you work on non default path, it's strongly advised to also render the
+If you work on a non default path, it's strongly advised to also render the
template of your component / subcomponent to be sure it's as expected.
Here's an example enabling service mesh on aai graphadmin:
cd aai/components/
helm template --release-name onap --debug \
--set global.ingress.virtualhost.baseurl=toto \
- --set global.ingress.enabled=true --set global.masterPassword="toto" \
- --set global.serviceMesh.enabled=true --set global.serviceMesh.tls=true \
+ --set global.ingress.enabled=true \
+ --set global.masterPassword="toto" \
+ --set global.serviceMesh.enabled=true \
+ --set global.serviceMesh.tls=true \
aai-graphadmin
```
+All the output will be rendered YAML if everything works as expected or an error if something goes wrong.
+Usually the errors come from bad indentation or unknown values.
-All the output will be the rendered YAML if it's OK or you may see an error.
-Usually the errors comes from bad indentation or unknown value.
-
-### Contributing A Patch
-
+### Contributing a Patch
1. Fork the desired repo, develop and test your code changes.
2. Sign the LFN CLA (<https://www.onap.org/cla>)
3. Submit a pull request.
4. Work with the reviewers on their suggestions.
-5. Ensure to rebase to the HEAD of your target branch and squash un-necessary
- commits (
- <https://blog.carbonfive.com/always-squash-and-rebase-your-git-commits/>)
- before final merger of your contribution.
+5. Ensure to rebase to the HEAD of your target branch and [squash un-necessary commits](https://blog.carbonfive.com/always-squash-and-rebase-your-git-commits/)
+ before finally mergin your contribution.
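Review bot: The repository setup line `helm repo remove local || helm repo add local http://localhost:6464` only runs the add when the remove fails. On a machine that already has a `local` repo the remove succeeds, the add is skipped, and the following `make common` has no `local` repository to push to. The old `&&` form failed the other way round on a fresh machine. Run the two commands unconditionally, for example `helm repo remove local; helm repo add local http://localhost:6464`. Two smaller points: the last added line reads "mergin" instead of "merging", and the tool list now says `helm push` while keeping "version 0.10.1", so please confirm that this is the command name that plugin version actually provides, since the removed lines called it `cm-push`.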
port: 8433
http-port: 8081
ssl:
+ enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
key-store-type: PKCS12
key-store-password: ${KEYSTORE_PASSWORD}
key-store: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
"controller": [
{
"name": "controller1",
- "baseUrl": "{{ .Values.sdncLink }}",
+ "baseUrl": "{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.sdncLink .Values.sdncLinkHttp }}",
"userName": "${A1CONTROLLER_USER}",
"password": "${A1CONTROLLER_PASSWORD}"
}
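Review bot: When `common.needTLS` is not "true", `baseUrl` resolves to `.Values.sdncLinkHttp`, so the `userName` and `password` entries directly below it are sent to the controller over plain HTTP. If the non-TLS path is only meant for deployments where another layer encrypts the traffic (the service mesh option, for instance), say so in a comment next to `sdncLinkHttp` in the values file so that the fallback is not enabled on its own by accident.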
args:
- -c
- |
+ {{- if (include "common.needTLS" .) }}
export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop\
| xargs -0)
+ {{- end }}
cd /config-input
for PFILE in `ls -1`
do
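Review bot: The guard around the `export $(cat ... mycreds.prop | xargs -0)` step uses `{{- if (include "common.needTLS" .) }}`, while the other templates in this patch test `eq "true" (include "common.needTLS" .)`. `include` returns a string and `if` treats every non-empty string as true, so the two forms only agree if the helper renders nothing at all when TLS is off. If it can render "false", this block still runs and tries to read a credentials file that the cert initializer never wrote. Use the `eq "true"` form here too. The same bare `if (include "common.needTLS" .)` guard recurs in the nbi and oof templates further down and deserves the same change.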
password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
sdncLink: https://sdnc.onap:8443
+sdncLinkHttp: http://sdnc.onap:8282
# The information about A1-Mediator/RICs can be added here.
# The A1 policy management service supports both STD & OSC versions.
# Alternatively, the A1 simulator from ORAN-SC can also be used. It provides STD & OSC versions for A1 termination.
ingress:
enabled: false
service:
- - baseaddr: "aafcm"
+ - baseaddr: "aaf-cm-api"
name: "aaf-cm"
port: 8150
config:
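Review bot: Changing `baseaddr` from "aafcm" to "aaf-cm-api" changes the host name under which this service is published for every deployment that has ingress enabled, and the same rename pattern repeats across most charts in this patch. Nothing in the visible changes documents the new naming scheme or tells operators that existing DNS records and client URLs need updating. Please add a short description of the `<component>-api` / `<component>-ui` convention to the ingress documentation and a release note listing the old and new names.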
ingress:
enabled: false
service:
- - baseaddr: "aaffs"
+ - baseaddr: "aaf-fs-api"
name: "aaf-fs"
port: 8096
config:
ingress:
enabled: false
service:
- - baseaddr: "aafgui"
+ - baseaddr: "aaf-ui"
name: "aaf-gui"
port: 8200
config:
ingress:
enabled: false
service:
- - baseaddr: "aaflocate"
+ - baseaddr: "aaf-locate-api"
name: "aaf-locate"
port: 8095
config:
ingress:
enabled: false
service:
- - baseaddr: "aafoauth"
+ - baseaddr: "aaf-oauth-api"
name: "aaf-oauth"
port: 8140
config:
ingress:
enabled: false
service:
- - baseaddr: "aafservice"
+ - baseaddr: "aaf-service-api"
name: "aaf-service"
port: 8100
config:
#################################################################
# application image
-image: onap/babel:1.9.6
+image: onap/babel:1.11.0
flavor: small
flavorOverride: small
ingress:
enabled: false
service:
- - baseaddr: "aaibabel"
+ - baseaddr: "aai-babel-api"
name: "aai-babel"
port: 9516
config:
chown -R {{ .Values.user_id }}:{{ .Values.group_id }} {{ .Values.credsPath }}
# application image
-image: onap/aai-graphadmin:1.9.5
+image: onap/aai-graphadmin:1.11.0
pullPolicy: Always
restartPolicy: Always
flavor: small
ml.aai.BASE_URL=https://aai.{{.Release.Namespace}}:8443
ml.aai.KEYSTORE_FILE=aai-os-cert.p12
ml.aai.KEYSTORE_PASSWORD=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o
+ml.aai.USE_HTTPS= true
{{ else }}
-ml.aai.BASE_URL=http://aai.{{.Release.Namespace}}:8080
+ml.aai.BASE_URL=http://aai.{{.Release.Namespace}}:80
+ml.aai.USE_HTTPS= false
{{ end }}
ml.aai.MODEL_URL=/aai/v*/service-design-and-creation/models/model/
ml.aai.NAMED_QUERY_URL=/aai/v*/service-design-and-creation/named-queries/named-query/
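Review bot: Style point on the added `ml.aai.USE_HTTPS= true` and `ml.aai.USE_HTTPS= false` lines: every other key in this file is written `key=value` with no space, and the stray space after `=` relies on the properties loader trimming leading whitespace from the value. Write them as `ml.aai.USE_HTTPS=true` / `ml.aai.USE_HTTPS=false`, and do the same for the `ml.babel.USE_HTTPS` lines below. The plain-HTTP port also moves from 8080 to 80 here as a literal; a short comment pointing at the aai service `plain_port` would help keep the two in step.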
ml.babel.KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}
ml.babel.TRUSTSTORE_FILE=aaf/local/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
ml.babel.TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}
+ml.babel.USE_HTTPS= true
{{ else }}
ml.babel.KEYSTORE_FILE=
ml.babel.KEYSTORE_PASSWORD=
ml.babel.TRUSTSTORE_FILE=
ml.babel.TRUSTSTORE_PASSWORD=
+ml.babel.USE_HTTPS= false
{{ end }}
chown -R {{ .Values.user_id }}:{{ .Values.group_id }} {{ .Values.credsPath }}
# application image
-image: onap/model-loader:1.9.4
+image: onap/model-loader:1.11.0
pullPolicy: Always
restartPolicy: Always
flavor: small
chown -R 1000 {{ .Values.credsPath }}
# application image
-image: onap/aai-resources:1.9.7
+image: onap/aai-resources:1.11.0
pullPolicy: Always
restartPolicy: Always
flavor: small
chown -R {{ .Values.user_id }}:{{ .Values.group_id }} {{ .Values.credsPath }}
# application image
-image: onap/aai-schema-service:1.9.7
+image: onap/aai-schema-service:1.11.0
pullPolicy: Always
restartPolicy: Always
flavorOverride: small
ingress:
enabled: false
service:
- - baseaddr: "aaisparkybe"
+ - baseaddr: "aai-sparkybe-api"
name: "aai-sparky-be"
port: 8000
config:
# so K8s doesn't restart unresponsive container
{{ if .Values.liveness.enabled }}
livenessProbe:
- tcpSocket:
+ httpGet:
+ path: /aai/util/echo?action=checkDB
port: {{ .Values.service.internalPort }}
+ scheme: HTTP{{ (eq "true" (include "common.needTLS" .)) | ternary "S" "" }}
+ httpHeaders:
+ - name: X-FromAppId
+ value: LivenessCheck
+ - name: X-TransactionId
+ value: LiveCheck_TID
+ - name: Accept
+ value: application/json
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end }}
readinessProbe:
- tcpSocket:
+ httpGet:
+ path: /aai/util/echo?action=checkDB
port: {{ .Values.service.internalPort }}
+ scheme: HTTP{{ (eq "true" (include "common.needTLS" .)) | ternary "S" "" }}
+ httpHeaders:
+ - name: X-FromAppId
+ value: ReadinessCheck
+ - name: X-TransactionId
+ value: ReadinessCheck_TID
+ - name: Accept
+ value: application/json
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources:
-{{ include "common.resources" . }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
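Review bot: The livenessProbe now calls `/aai/util/echo?action=checkDB`, the same database check as the readinessProbe. A liveness probe that depends on the database means a database outage makes the kubelet restart this container repeatedly even though restarting it cannot fix the problem. Keep the `checkDB` path for readiness and point liveness at an endpoint that does not touch the database. Neither probe sets `timeoutSeconds`, so the Kubernetes default of 1 second applies to a request that now does a database round trip; set an explicit timeout and `failureThreshold` from values, next to the existing `initialDelaySeconds` and `periodSeconds`.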
chown -R 1000 {{ .Values.credsPath }}
# application image
-image: onap/aai-traversal:1.9.6
+image: onap/aai-traversal:1.11.0
pullPolicy: Always
restartPolicy: Always
flavor: small
ingress:
enabled: false
service:
- - baseaddr: "aai.api"
+ - baseaddr: "aai-api"
name: "aai"
port: 8443
+ plain_port: 80
config:
ssl: "redirect"
ingress:
enabled: false
service:
- - baseaddr: "appc.api"
+ - baseaddr: "appc-api"
name: "appc"
port: 8443
+ plain_port: 1830
config:
ssl: "redirect"
ingress:
enabled: false
service:
- - baseaddr: "blueprintsprocessorhttp"
+ - baseaddr: "cds-blueprintsprocessor-api"
name: "cds-blueprints-processor-http"
port: 8080
config:
ingress:
enabled: false
service:
- - baseaddr: "cdsui"
+ - baseaddr: "cds-ui"
name: "cds-ui"
port: 3000
config:
ingress:
enabled: false
service:
- - baseaddr: "cli.api"
+ - baseaddr: "cli-api"
name: "cli"
port: 443
- - baseaddr: "cli2.api"
+ - baseaddr: "cli2-api"
name: cli
port: 9443
config:
ingress:
enabled: false
service:
- - baseaddr: "consul.api"
+ - baseaddr: "consul-api"
name: "consul-server"
port: 8800
config:
org:
springframework: {{ .Values.logging.level }}
-dmi:
- auth:
- username: ${DMI_USERNAME}
- password: ${DMI_PASSWORD}
+ncmp:
+ dmi:
+ auth:
+ username: ${DMI_USERNAME}
+ password: ${DMI_PASSWORD}
{{- if .Values.config.useStrimziKafka }}
spring.kafka.bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
env:
- name: SPRING_PROFILES_ACTIVE
value: {{ .Values.config.spring.profile }}
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 12 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 12 }}
+ - name: LIQUIBASE_LABELS
+ value: {{ .Values.config.liquibaseLabels }}
+ - name: CPS_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "login") | indent 12 }}
+ - name: CPS_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "password") | indent 12 }}
+ - name: DMI_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmi-plugin-user-creds" "key" "login") | indent 12 }}
+ - name: DMI_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmi-plugin-user-creds" "key" "password") | indent 12 }}
+ {{- if .Values.config.useStrimziKafka }}
+ - name: JAASLOGIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-kafka-user" "key" "sasl.jaas.config") | indent 12 }}
+ {{- end }}
resources: {{ include "common.resources" . | nindent 10 }}
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 12 }}
container:
name: postgres
-image: onap/cps-and-ncmp:3.0.1
+image: onap/cps-and-ncmp:3.1.5
containerPort: &svc_port 8080
managementPort: &mgt_port 8081
ingress:
enabled: true
service:
- - baseaddr: "cps-core"
+ - baseaddr: "cps-core-api"
path: "/"
name: "cps-core"
port: *svc_port
notification.data-updated.filters.enabled-dataspaces: ""
notification.async.enabled: false
notification.async.executor.core-pool-size: 2
- notification.async.executor.max-pool-size: 1
+ notification.async.executor.max-pool-size: 10
notification.async.executor.queue-capacity: 500
notification.async.executor.wait-for-tasks-to-complete-on-shutdown: true
notification.async.executor.thread-name-prefix: Async-
value: '{{ .Values.config.someConfig }}'
policy: generate
-image: onap/cps-temporal:1.1.0
+image: onap/cps-temporal:1.2.1
containerPort: &svc_port 8080
managementPort: &mgt_port 8081
ingress:
enabled: true
service:
- - baseaddr: "cps-temporal"
+ - baseaddr: "cps-temporal-api"
path: "/"
name: "cps-temporal"
port: *svc_port
virtualhost:
baseurl: "simpledemo.onap.org"
-image: onap/ncmp-dmi-plugin:1.1.0
+image: onap/ncmp-dmi-plugin:1.2.2
containerPort: &svc_port 8080
managementPort: &mgt_port 8081
ingress:
enabled: true
service:
- - baseaddr: "ncmp-dmi-plugin"
+ - baseaddr: "cps-ncmp-dmi-plugin-api"
path: "/"
name: *svc_name
port: *svc_port
config:
retention.ms: {{ .Values.config.dataUpdatedTopic.retentionMs }}
segment.bytes: {{ .Values.config.dataUpdatedTopic.segmentBytes }}
+---
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+ name: {{ .Values.config.ncmpEventsTopic.name }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ config:
+ retention.ms: {{ .Values.config.ncmpEventsTopic.retentionMs }}
+---
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+ name: {{ .Values.config.ncmpAsyncM2MTopic.name }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ config:
+ retention.ms: {{ .Values.config.ncmpAsyncM2MTopic.retentionMs }}
{{- end }}
\ No newline at end of file
type: topic
name: {{ .Values.config.dataUpdatedTopic.name }}
operation: Write
+ - resource:
+ type: group
+ name: {{ .Values.config.ncmpEventsTopic.consumer.groupId }}
+ operation: All
+ - resource:
+ type: topic
+ name: {{ .Values.config.ncmpEventsTopic.name }}
+ operation: All
+ - resource:
+ type: group
+ name: {{ .Values.config.ncmpAsyncM2MTopic.consumer.groupId }}
+ operation: All
+ - resource:
+ type: topic
+ name: {{ .Values.config.ncmpAsyncM2MTopic.name }}
+ operation: All
{{- end }}
\ No newline at end of file
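Review bot: The four added ACL entries all grant `operation: All`, whereas the existing entry just above them grants only `Write` on the data-updated topic. `All` also covers Delete and Alter on the topics, which a producer/consumer does not need. Please list the operations the service really uses (typically Read, Write and Describe on the topics, Read on the group). Also, the values file in this patch sets both `ncmpEventsTopic.consumer.groupId` and `ncmpAsyncM2MTopic.consumer.groupId` to `ncmp-group`, so the two `type: group` entries render identically; one of them can go, or the group ids should differ if separate consumer groups are intended.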
segmentBytes: 1073741824
consumer:
groupId: cps-temporal-group
+ ncmpEventsTopic:
+ name: ncmp-events
+ retentionMs: 7200000
+ consumer:
+ groupId: ncmp-group
+ ncmpAsyncM2MTopic:
+ name: ncmp-async-m2m
+ retentionMs: 600000
+ consumer:
+ groupId: ncmp-group
# Enable all CPS components by default
cps-core:
{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Copyright (C) 2022 Deutsche Telekom AG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
*/}}
-{{ include "common.secretFast" . }}
+{{ include "common.ingress" . }}
plain_port: 8100
port_protocol: http
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "dcae-datafile-collector-api"
+ name: "datafile-collector"
+ port: 8443
+ plain_port: 8100
+ config:
+ ssl: "redirect"
+
# Data Router Publisher Credentials
drPubscriberCreds:
username: username
-#!/bin/sh
{{/*
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-# Modifications Copyright © 2018, 2020-2021 AT&T Intellectual Property
+# Copyright (C) 2022 Deutsche Telekom AG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
*/}}
-mysql -h"${MYSQL_HOST}" -P"${MYSQL_PORT}" -u"${MYSQL_USER}" -p"${MYSQL_PASSWORD}" -f policyclamp < /dbcmd-config/policy-clamp-create-tables.sql
+{{ include "common.ingress" . }}
\ No newline at end of file
port_protocol: http
nodePort: 22
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "dcae-hv-ves-collector-api"
+ name: "dcae-hv-ves-collector"
+ port: 6061
+ config:
+ ssl: "redirect"
+
#strimzi kafka config
hvVesKafkaUser: dcae-hv-ves-kafka-user
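Review bot: This ingress entry sets `ssl: "redirect"` with `port: 6061` but has no `plain_port`, unlike the datafile, restconf and ves collector entries added in the same patch, which all pair the redirect setting with a plain port. Either add the plain port, or drop the `ssl: "redirect"` setting if this collector only has the one listener, and note the reason in a comment so the difference does not look like an omission.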
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.components.kpi-ms:1.0.4
+image: onap/org.onap.dcaegen2.services.components.kpi-ms:1.0.10
pullPolicy: Always
# Log directory where logging sidecar should look for log files
type: message-router
dmaap_info:
topic_url: http://message-router:3904/events/unauthenticated.DCAE_KPI_OUTPUT
- kpi.policy: '{"domain":"measurementsForKpi","methodForKpi":[{"eventName":"perf3gpp_CORE-AMF_pmMeasResult","controlLoopSchemaType":"SLICE","policyScope":"resource=networkSlice;type=configuration","policyName":"configuration.dcae.microservice.kpi-computation","policyVersion":"v0.0.1","kpis":[{"measType":"AMFRegNbr","operation":"SUM","operands":"RM.RegisteredSubNbrMean"}]},{"eventName":"perf3gpp_CORE-UPF_pmMeasResult","controlLoopSchemaType":"SLICE","policyScope":"resource=networkSlice;type=configuration","policyName":"configuration.dcae.microservice.kpi-computation","policyVersion":"v0.0.1","kpis":[{"measType":"UpstreamThr","operation":"SUM","operands":"GTP.InDataOctN3UPF"},{"measType":"DownstreamThr","operation":"SUM","operands":"GTP.OutDataOctN3UPF"}]}]}'
+ kpi.policy: '{"domain":"measurementsForKpi","methodForKpi":[{"eventName":"perf3gpp_CORE-AMF_pmMeasResult","controlLoopSchemaType":"SLICE","policyScope":"resource=networkSlice;type=configuration","policyName":"configuration.dcae.microservice.kpi-computation","policyVersion":"v0.0.1","kpis":[{"measType":"AMFRegNbr","operation":"SUM","operands":"RM.RegisteredSubNbrMean"}]},{"eventName":"perf3gpp_CORE-UPF_pmMeasResult","controlLoopSchemaType":"SLICE","policyScope":"resource=networkSlice;type=configuration","policyName":"configuration.dcae.microservice.kpi-computation","policyVersion":"v0.0.1","kpis":[{"measType":"UpstreamDownstreamThr","operation":"SUM","operands":["GTP.InDataOctN3UPF","GTP.OutDataOctN3UPF"]}]}]'
applicationEnv:
STANDALONE: 'false'
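Review bot: The new `kpi.policy` value is not valid JSON: it ends with `"GTP.OutDataOctN3UPF"]}]}]'`, which closes the kpi object, the `kpis` array, the second event object and the `methodForKpi` array, but never closes the root object. The removed line ended with `}]}]}'`. Add the missing `}` before the closing quote. Separately, `operands` is now an array in the UPF entry but still a plain string ("RM.RegisteredSubNbrMean") in the AMF entry; unless the 1.0.10 image accepts both shapes, make the two entries consistent.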
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
+{{/*
+# Copyright (C) 2022 Deutsche Telekom AG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
-apiVersion: v2
-description: ONAP Policy Clamp Backend
-name: policy-clamp-be
-version: 11.0.0
-
-dependencies:
- - name: certInitializer
- version: ~11.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~11.x-0
- repository: '@local'
- - name: serviceAccount
- version: ~11.x-0
- repository: '@local'
+{{ include "common.ingress" . }}
\ No newline at end of file
nodePort: 16
useNodePortExt: true
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "dcae-restconf-collector-api"
+ name: "dcae-restconf-collector"
+ port: 8443
+ plain_port: 8080
+ config:
+ ssl: "redirect"
+
# AAF Credentials
controllerCreds:
username: access
passwordPolicy: generate
################################aafcreds#################################
-# InitContainer Image.
+# InitContainer Image
#################################################################
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.components.slice-analysis-ms:1.1.3
+repository: nexus3.onap.org:10001
+image: onap/org.onap.dcaegen2.services.components.slice-analysis-ms:1.1.5
pullPolicy: IfNotPresent
#################################################################
# policy sync is used for provide runtime configuration for slicems
# policy id is originally set to "onap.dcae.slicems.config"
-# dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1
-# policies:
+#dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1
+#pullPolicy: IfNotPresent
+#policies:
# duration:
-# 300
+# 10
# policyID: |
# '["onap.dcae.slicems.config"]'
sliceanalysisms.aaiNotif.targetAction: UPDATE
sliceanalysisms.aaiNotif.targetSource: UUI
sliceanalysisms.aaiNotif.targetEntity: service-instance
- sliceanalysisms.ccvpnEvalInterval: 15
- sliceanalysisms.ccvpnEvalThreshold: 0.8
+ sliceanalysisms.ccvpnEvalInterval: 5
+ sliceanalysisms.ccvpnEvalUpperThreshold: 0.8
+ sliceanalysisms.ccvpnEvalLowerThreshold: 0.3
sliceanalysisms.ccvpnEvalPrecision: 100.0
sliceanalysisms.ccvpnEvalPeriodicCheckOn: true
sliceanalysisms.ccvpnEvalOnDemandCheckOn: true
+ sliceanalysisms.ccvpnEvalStrategy: FlexibleThresholdStrategy
streams_publishes:
CL_topic:
type: message-router
{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Copyright (C) 2022 Deutsche Telekom AG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
*/}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
-
-{{ include "common.log.configMap" . }}
+{{ include "common.ingress" . }}
\ No newline at end of file
nodePort: 17
useNodePortExt: true
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "dcae-ves-collector-api"
+ name: "dcae-ves-collector"
+ port: 8443
+ plain_port: 8080
+ config:
+ ssl: "redirect"
+
# application environments
applicationEnv:
CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml'
enabled: true
enabledOverride: true
service:
- - baseaddr: "dcaemod"
+ - baseaddr: "dcaemod-nifi-ui"
path: "/nifi"
name: "dcaemod-designtool"
port: 8080
- - baseaddr: "dcaemod"
+ - baseaddr: "dcaemod-nifi-api"
path: "/nifi-api"
name: "dcaemod-designtool"
port: 8080
enabled: true
enabledOverride: true
service:
- - baseaddr: "dcaemod"
+ - baseaddr: "dcaemod-distributor-api"
path: "/distributor"
name: dcaemod-distributor-api
port: 8080
enabled: true
enabledOverride: true
service:
- - baseaddr: "dcaemod"
+ - baseaddr: "dcaemod-genprocessor-api"
path: "/nifi-jars"
name: dcaemod-genprocessor
port: 8080
enabled: true
enabledOverride: true
service:
- - baseaddr: "dcaemod"
+ - baseaddr: "dcaemod-onboarding-api"
path: "/onboarding"
name: dcaemod-onboarding-api
port: 8080
ingress:
enabled: false
service:
- - baseaddr: "dmaapbc"
+ - baseaddr: "dmaap-bc-api"
name: "dmaap-bc"
port: 8443
+ plain_port: 8080
config:
ssl: "redirect"
ingress:
enabled: false
service:
- - baseaddr: "dmaapdrnode"
+ - baseaddr: "dmaap-dr-node-api"
name: "dmaap-dr-node"
port: 8443
+ plain_port: 8080
config:
ssl: "redirect"
ingress:
enabled: false
service:
- - baseaddr: "dmaapdrprov"
+ - baseaddr: "dmaap-dr-prov-api"
name: "dmaap-dr-prov"
port: 8443
+ plain_port: 8080
config:
ssl: "redirect"
ingress:
enabled: false
service:
- - baseaddr: "mr.api"
+ - baseaddr: "dmaap-mr-api"
name: "message-router"
port: 3905
+ plain_port: 3904
config:
ssl: "redirect"
ingress:
enabled: false
service:
- - baseaddr: "loges"
+ - baseaddr: "log-es-api"
name: "log-es"
port: 9200
config:
ingress:
enabled: false
service:
- - baseaddr: "kibana.api"
+ - baseaddr: "log-kibana-ui"
name: "log-kibana"
port: 5601
config:
ingress:
enabled: false
service:
- - baseaddr: "logls"
+ - baseaddr: "log-ls-api"
name: "log-ls"
port: 5044
- - baseaddr: "loglshttp"
+ - baseaddr: "log-ls-http-api"
name: "log-ls"
port: 9600
config:
ingress:
enabled: false
service:
- - baseaddr: "msbconsul"
+ - baseaddr: "msb-consul-api"
name: "msb-consul"
port: 8500
config:
ingress:
enabled: false
service:
- - baseaddr: "msb.api.discovery"
+ - baseaddr: "msb-discovery-api"
name: "msb-discovery"
port: 10081
config:
ingress:
enabled: false
service:
- - baseaddr: "msbeag"
+ - baseaddr: "msb-eag-ui"
name: "msb-eag"
port: 443
+ plain_port: 80
config:
ssl: "redirect"
ingress:
enabled: false
service:
- - baseaddr: "msbiag"
+ - baseaddr: "msb-iag-ui"
name: "msb-iag"
port: 443
+ plain_port: 80
config:
ssl: "redirect"
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- name: {{ include "common.fullname" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
{{- if .Values.global.aafEnabled }}
initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if .Values.global.aafEnabled }}
{{ if .Values.liveness.enabled }}
livenessProbe:
httpGet:
- port: {{ .Values.liveness.port }}
+ port: {{ if (include "common.needTLS" .) }}{{ .Values.service.internalPort }}{{ else }}{{ .Values.service.internalPlainPort }}{{ end }}
path: {{ .Values.liveness.path }}
- scheme: HTTPS
+ scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end }}
readinessProbe:
httpGet:
- port: {{ .Values.readiness.port }}
+ port: {{ if (include "common.needTLS" .) }}{{ .Values.service.internalPort }}{{ else }}{{ .Values.service.internalPlainPort }}{{ end }}
path: {{ .Values.readiness.path }}
- scheme: HTTPS
+ scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- name: ONAP_K8SCLOUDOWNER
value: {{ .Values.config.k8sCloudOwner }}
- name: NBI_URL
- value: "https://nbi.{{ include "common.namespace" . }}:8443/nbi/api/v4"
+ value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}://nbi.{{ include "common.namespace" . }}:{{ if (include "common.needTLS" .) }}{{ .Values.service.internalPort }}{{ else }}{{ .Values.service.internalPlainPort }}{{ end }}/nbi/api/v4"
- name: SDC_HOST
- value: "https://sdc-be.{{ include "common.namespace" . }}:8443"
+ value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}://sdc-be.{{ include "common.namespace" . }}:{{ if (include "common.needTLS" .) }}8443{{ else }}8080{{ end }}"
- name: SDC_HEADER_ECOMPINSTANCEID
value: {{ .Values.config.ecompInstanceId }}
- name: SDC_HEADER_AUTHORIZATION
value: {{ .Values.sdc_authorization }}
- name: AAI_HOST
- value: "https://aai.{{ include "common.namespace" . }}:8443"
+ value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}://aai.{{ include "common.namespace" . }}:{{ if (include "common.needTLS" .) }}8443{{ else }}80{{ end }}"
- name: AAI_HEADER_AUTHORIZATION
value: {{ .Values.aai_authorization }}
- name: SO_HOST
value: {{ .Values.so_authorization }}
{{- end }}
- name: DMAAP_HOST
- value: "https://message-router.{{ include "common.namespace" . }}:3905"
+ value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}://message-router.{{ include "common.namespace" . }}:{{ if (include "common.needTLS" .) }}3905{{ else }}3904{{ end }}"
- name: LOGGING_LEVEL_ORG_ONAP_NBI
value: {{ .Values.config.loglevel }}
- name: MSB_ENABLED
- value: "true"
+ value: "{{ .Values.global.msbEnabled }}"
- name: MSB_DISCOVERY_HOST
value: "msb-discovery.{{ include "common.namespace" . }}"
- name: MSB_DISCOVERY_PORT
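Review bot: With `common.needTLS` off, `SDC_HOST` and `AAI_HOST` become `http://` URLs, and the `SDC_HEADER_AUTHORIZATION` and `AAI_HEADER_AUTHORIZATION` values defined next to them are then sent in clear text. Please state in the chart documentation that the non-TLS mode assumes transport protection from another layer. As a maintainability point, the `{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}` expression and the literal port pairs (8443/8080, 8443/80, 3905/3904) are repeated in every value; computing scheme and port once in a named template, or reading the peer ports from values, would keep these from drifting apart from the service definitions of sdc-be, aai and message-router.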
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}-{{ .Values.service.internalPort }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
\ No newline at end of file
internalPort: 3306
nameOverride: mariadb-galera
aafEnabled: true
+ msbEnabled: true
#################################################################
# AAF part
# probe configuration parameters
liveness:
path: /nbi/api/v4/status
- port: 8443
initialDelaySeconds: 180
periodSeconds: 30
# necessary to disable liveness probe when setting breakpoints
readiness:
path: /nbi/api/v4/status
- port: 8443
initialDelaySeconds: 185
periodSeconds: 30
type: NodePort
portName: api
name: nbi
- nodePort: 74
internalPort: 8443
+ internalPlainPort: 8080
+ ports:
+ - name: http
+ port: 8443
+ plain_port: 8080
+ nodePort: '74'
ingress:
enabled: false
service:
- - baseaddr: "nbi.api"
+ - baseaddr: "nbi-api"
name: "nbi"
port: 8443
+ plain_port: 8080
config:
ssl: "redirect"
# Resource Limit flavor -By Default using small
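Review bot: After this change the nbi port numbers are stated three times in the values: `service.internalPort` / `service.internalPlainPort`, `service.ports[0].port` / `plain_port`, and `ingress.service[0].port` / `plain_port`. The probes and `NBI_URL` read the first pair while the Service is presumably built from the second, so an override of only one of them produces a Service and probes that disagree. Reference one definition from the others (a YAML anchor, as the cps charts do with `&svc_port`, would work) or drop `internalPort`/`internalPlainPort` and have the deployment read `service.ports`. The port entry is also named `http` while its primary port is 8443; a comment on how the name is derived under TLS would help.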
args:
- --container-name
- oof-has-controller
+ {{- if (include "common.needTLS" .) }}
- --container-name
- aaf-service
+ {{- end }}
env:
- name: NAMESPACE
valueFrom:
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if (include "common.needTLS" .) }}
- name: {{ include "common.name" . }}-has-sms-readiness
command:
- sh
fieldPath: metadata.namespace
image: {{ include "repositoryGenerator.image.curl" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- end }}
{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- mountPath: /usr/local/bin/log.conf
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: log.conf
+ {{- if (include "common.needTLS" .) }}
- mountPath: /usr/local/bin/AAF_RootCA.cer
name: {{ include "common.fullname" . }}-onap-certs
subPath: aaf_root_ca.cer
+ {{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
- name: {{ include "common.name" . }}-nginx
args:
- "-c"
- |
+ {{- if (include "common.needTLS" .) }}
grep -v '^$' /opt/bitnami/nginx/ssl/local/org.onap.oof.crt > /tmp/oof.crt
cat /tmp/oof.crt /tmp/intermediate_root_ca.pem /tmp/AAF_RootCA.cer >> /opt/bitnami/nginx/org.onap.oof.crt
+ {{- end }}
/opt/bitnami/scripts/nginx/entrypoint.sh /opt/bitnami/scripts/nginx/run.sh
ports:
- containerPort: {{ .Values.service.internalPort }}
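Review bot: The certificate bundle `/opt/bitnami/nginx/org.onap.oof.crt` is now only assembled when `common.needTLS` is set, but `nginx.conf` is still mounted unconditionally and is not touched in the visible part of this patch. If that file keeps an `ssl_certificate` line pointing at the bundle, nginx will fail to start in the non-TLS case. Please template `nginx.conf` on the same condition, or confirm that it already is.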
- mountPath: /opt/bitnami/nginx/conf/nginx.conf
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: nginx.conf
+ {{- if (include "common.needTLS" .) }}
- mountPath: /tmp/AAF_RootCA.cer
name: {{ include "common.fullname" . }}-onap-certs
subPath: aaf_root_ca.cer
- mountPath: /tmp/intermediate_root_ca.pem
name: {{ include "common.fullname" . }}-onap-certs
subPath: intermediate_root_ca.pem
+ {{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
path: conductor.conf
- key: log.conf
path: log.conf
+{{- if (include "common.needTLS" .) }}
{{ include "oof.certificate.volume" . | indent 8 }}
+{{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.externalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
{{- end}}
selector:
app: {{ include "common.name" . }}
externalPort: 8091
internalPort: 8091
nodePort: 75
- portName: oof-has-api
+ portName: http
#backend container info
uwsgi:
ingress:
enabled: false
service:
- - baseaddr: "oof-has-api.onap"
+ - baseaddr: "oof-has-api"
name: "oof-has-api"
port: 8091
config:
args:
- --job-name
- {{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job
+ {{- if (include "common.needTLS" .) }}
- --container-name
- aaf-sms
+ {{- end }}
env:
- name: NAMESPACE
valueFrom:
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if (include "common.needTLS" .) }}
- name: {{ include "common.name" . }}-cont-sms-readiness
command:
- sh
fieldPath: metadata.namespace
image: {{ include "repositoryGenerator.image.curl" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }}
- mountPath: /usr/local/bin/healthy.sh
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: healthy.sh
+ {{- if (include "common.needTLS" .) }}
- mountPath: /usr/local/bin/AAF_RootCA.cer
name: {{ include "common.fullname" . }}-onap-certs
subPath: aaf_root_ca.cer
+ {{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
path: log.conf
- key: healthy.sh
path: healthy.sh
+{{- if (include "common.needTLS" .) }}
{{ include "oof.certificate.volume" . | indent 8 }}
+{{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if (include "common.needTLS" .) }}
- name: {{ include "common.name" . }}-data-sms-readiness
command:
- sh
fieldPath: metadata.namespace
image: {{ include "repositoryGenerator.image.curl" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
- mountPath: /usr/local/bin/healthy.sh
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: healthy.sh
+ {{- if (include "common.needTLS" .) }}
- mountPath: /usr/local/bin/aai_cert.cer
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: aai_cert.cer
- mountPath: /usr/local/bin/AAF_RootCA.cer
name: {{ include "common.fullname" . }}-onap-certs
subPath: aaf_root_ca.cer
+ {{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
path: log.conf
- key: healthy.sh
path: healthy.sh
+ {{- if (include "common.needTLS" .) }}
- key: aai_cert.cer
path: aai_cert.cer
- key: aai_key.key
path: aai_key.key
+ {{- end }}
+{{- if (include "common.needTLS" .) }}
{{ include "oof.certificate.volume" . | indent 8 }}
+{{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if (include "common.needTLS" .) }}
- name: {{ include "common.name" . }}-resrv-sms-readiness
command:
- sh
fieldPath: metadata.namespace
image: {{ include "repositoryGenerator.image.curl" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
- mountPath: /usr/local/bin/healthy.sh
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: healthy.sh
+ {{- if (include "common.needTLS" .) }}
- mountPath: /usr/local/bin/AAF_RootCA.cer
name: {{ include "common.fullname" . }}-onap-certs
subPath: aaf_root_ca.cer
+ {{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
path: log.conf
- key: healthy.sh
path: healthy.sh
+{{- if (include "common.needTLS" .) }}
{{ include "oof.certificate.volume" . | indent 8 }}
+{{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if (include "common.needTLS" .) }}
- name: {{ include "common.name" . }}-solvr-sms-readiness
command:
- sh
fieldPath: metadata.namespace
image: {{ include "repositoryGenerator.image.curl" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
- mountPath: /usr/local/bin/healthy.sh
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: healthy.sh
+ {{- if (include "common.needTLS" .) }}
- mountPath: /usr/local/bin/AAF_RootCA.cer
name: {{ include "common.fullname" . }}-onap-certs
subPath: aaf_root_ca.cer
+ {{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
path: log.conf
- key: healthy.sh
path: healthy.sh
+{{- if (include "common.needTLS" .) }}
{{ include "oof.certificate.volume" . | indent 8 }}
+{{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
#
# is_aaf_enabled. (boolean value)
-is_aaf_enabled = true
+is_aaf_enabled = {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
# aaf_cache_expiry_hrs. (integer value)
aaf_cache_expiry_hrs = 3
# aaf_url. (string value)
-aaf_url = https://{{.Values.config.aaf.serviceName}}:{{.Values.config.aaf.port}}/authz/perms/user/
+aaf_url = http{{ if (include "common.needTLS" .) }}s{{ end }}://{{.Values.config.aaf.serviceName}}:{{.Values.config.aaf.port}}/authz/perms/user/
# aaf_cert_file. (string value)
#aaf_cert_file = <None>
# aaf_ca_bundle_file. (string value)
#aaf_ca_bundle_file =
-aaf_ca_bundle_file = /usr/local/bin/AAF_RootCA.cer
+aaf_ca_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }}
# aaf_retries. (integer value)
#aaf_retries = 3
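Review bot: `is_aaf_enabled` is now derived from `common.needTLS`, so switching TLS off also switches off the AAF permission check, and nothing in this hunk documents that coupling. Transport security and authorization are separate decisions; consider driving `is_aaf_enabled` from its own value (or at least add a comment stating that plain HTTP mode runs without AAF authorization). Also, with TLS off `aaf_ca_bundle_file =` renders with an empty value; emitting the line commented out in that case would make the rendered config easier to read.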
# From conductor
#
+# is_enabled. (boolean value)
+is_enabled = {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+
# Base URL for SMS, up to and not including the version, and without a trailing
# slash. (string value)
-aaf_sms_url = https://{{.Values.config.sms.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.sms.port}}
+aaf_sms_url = http{{ if (include "common.needTLS" .) }}s{{ end }}://{{.Values.config.sms.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.sms.port}}
# Timeout for SMS API Call (integer value)
# Base URL for A&AI, up to and not including the version, and without a
# trailing slash. (string value)
-server_url = https://{{.Values.config.aai.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.aai.port}}/aai
+#server_url = https://{{.Values.config.aai.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.aai.port}}/aai
+server_url = http{{ if (include "common.needTLS" .) }}s{{ end }}://{{.Values.config.aai.serviceName}}.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.aai.port .Values.config.aai.plainPort }}/aai
# Timeout for A&AI Rest Call (string value)
#aai_rest_timeout = 30
# Certificate Authority Bundle file in pem format. Must contain the appropriate
# trust chain for the Certificate file. (string value)
#certificate_authority_bundle_file = certificate_authority_bundle.pem
-certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer
+certificate_authority_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }}
# Username for AAI. (string value)
username = OOF
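Review bot: the new `server_url` line tests the same helper two different ways, `if (include "common.needTLS" .)` for the scheme and `(eq "true" (include "common.needTLS" .)) | ternary ...` for the port. A template `if` is true for any non-empty string, so the two tests agree only if the helper renders nothing when TLS is off; otherwise this line can produce an `https` scheme with the plain port. Pick one form and use it for both parts. The added `#server_url = https://...` line is a commented-out copy of the old value that Helm still renders; drop it rather than keeping dead configuration.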
# Base URL for SDC, up to and not including the version, and without a
# trailing slash. (string value)
#server_url = https://controller:8443/sdc
-server_url = https://{{.Values.config.sdc.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.sdc.port}}/sdc
+#server_url = https://{{.Values.config.sdc.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.sdc.port}}/sdc
+server_url = http{{ if (include "common.needTLS" .) }}s{{ end }}://{{.Values.config.sdc.serviceName}}.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.sdc.port .Values.config.sdc.plainPort }}/sdc
# Timeout for SDC Rest Call (string value)
#sdc_rest_timeout = 30
# Certificate Authority Bundle file in pem format. Must contain the appropriate
# trust chain for the Certificate file. (string value)
#certificate_authority_bundle_file = certificate_authority_bundle.pem
-certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer
+certificate_authority_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }}
# Username for SDC. (string value)
#username =
# Certificate Authority Bundle file in pem format. Must contain the appropriate
# trust chain for the Certificate file. (string value)
#certificate_authority_bundle_file = certificate_authority_bundle.pem
-certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer
+certificate_authority_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }}
# Username for CPS. (string value)
#username =
# Certificate Authority Bundle file in pem format. Must contain the appropriate
# trust chain for the Certificate file. (string value)
#certificate_authority_bundle_file = certificate_authority_bundle.pem
-certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer
+certificate_authority_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }}
# Username for DCAE. (string value)
#username =
server {
+{{ if (include "common.needTLS" .) }}
listen 8091 ssl;
server_name oof;
ssl_certificate /opt/bitnami/nginx/org.onap.oof.crt;
ssl_certificate_key /opt/bitnami/nginx/ssl/local/org.onap.oof.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
+{{ else }}
+ listen 8091;
+ server_name oof;
+{{ end }}
location / {
include /opt/bitnami/nginx/conf/uwsgi_params;
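Review bot: the TLS branch kept by this hunk still advertises `ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;`. Since the listener block is being reworked anyway, restrict it to `TLSv1.2 TLSv1.3`. The new `else` branch serves plain HTTP on the same port 8091 as the TLS listener, so a client cannot tell from the port which mode is active; a short comment in the template saying that the plain listener is only meant for deployments where something else terminates TLS would help operators.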
aai:
serviceName: aai
port: 8443
+ plainPort: 80
msb:
serviceName: msb-iag
port: 80
sdc:
serviceName: sdc-be
port: 8443
+ plainPort: 8080
cps:
service: cps-tbdmt
port: 8080
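Review bot: `plainPort: 80` under `aai` does not match the plain URL this same patch adds for OSDF, `http: http://aai:8080`. One of the two is wrong, and whichever component gets the wrong port will fail to reach A&AI when TLS is off. Please confirm the plain A&AI port and use the same number in both places.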
external: 8698 # clients use this port on DockerHost
osdf_ip_default: 0.0.0.0
# # Important Note: At deployment time, we need to ensure the port mapping is done
- ssl_context: ['/opt/osdf/org.onap.oof.crt', '/opt/osdf/osaaf/local/org.onap.oof.key']
+ ssl_context: {{ if (include "common.needTLS" .) }}['/opt/osdf/org.onap.oof.crt', '/opt/osdf/osaaf/local/org.onap.oof.key']{{ end }}
osdf_temp: # special configuration required for "workarounds" or testing
local_policies:
placementDefaultPatchVersion: {{ .Values.config.placementDefaultPatchVersion }}
# Credentials for Conductor
-conductorUrl: {{ .Values.config.conductorUrl }}
+conductorUrl: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.conductorUrl.https .Values.config.conductorUrl.http }}
conductorPingWaitTime: {{ .Values.config.conductorPingWaitTime }}
conductorMaxRetries: {{ .Values.config.conductorMaxRetries }}
# versions to be set in HTTP header
conductorMinorVersion: {{ .Values.config.conductorMinorVersion }}
# Policy Platform -- requires ClientAuth, Authorization, and Environment
-policyPlatformUrl: {{ .Values.config.policyPlatformUrl }}
+policyPlatformUrl: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.policyPlatformUrl.https .Values.config.policyPlatformUrl.http }}
policyPlatformEnv: {{ .Values.config.policyPlatformEnv }}
# Credentials for DMaaP
is_aaf_enabled: {{ .Values.config.is_aaf_enabled }}
aaf_cache_expiry_mins: {{ .Values.config.aaf_cache_expiry_mins }}
-aaf_url: {{ .Values.config.aaf_url }}
+aaf_url: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.aaf_url.https .Values.config.aaf_url.http }}
aaf_user_roles:
{{- range .Values.config.aaf_user_roles }}
- {{ . }}
{{- end }}
# Secret Management Service from AAF
-aaf_sms_url: {{ .Values.config.aaf_sms_url }}.{{ include "common.namespace" . }}:{{ .Values.config.aaf_sms_port }}
+aaf_sms_url: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.aaf_sms_url.https .Values.config.aaf_sms_url.http }}.{{ include "common.namespace" . }}:{{ .Values.config.aaf_sms_port }}
aaf_sms_timeout: {{ .Values.config.aaf_sms_timeout }}
secret_domain: {{ .Values.config.secret_domain }}
aaf_ca_certs: {{ .Values.config.aaf_ca_certs }}
cpsNbrListUrl: {{ .Values.config.cps.nbrListUrl }}
# AAI api
-aaiUrl: {{ .Values.config.aaiUrl }}
+aaiUrl: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.aaiUrl.https .Values.config.aaiUrl.http }}
aaiGetLinksUrl: {{ .Values.config.aaiGetLinksUrl }}
aaiServiceInstanceUrl : {{ .Values.config.aaiServiceInstanceUrl }}
aaiGetControllersUrl: {{ .Values.config.aaiGetControllersUrl }}
dslQueryPath: /aai/v23/dsl?format=
#DES api
-desUrl: {{ .Values.config.desUrl }}
+desUrl: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.desUrl.https .Values.config.desUrl.http }}
desApiPath: {{ .Values.config.desApiPath }}
desHeaders:
Accept: application/json
appkey: ''
activateConsulConfig: False
-
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ {{- if (include "common.needTLS" .) }}
- command:
- sh
- -c
- resp="FAILURE";
until [ $resp = "200" ]; do
- resp=$(curl -s -o /dev/null -k --write-out %{http_code} https://aaf-sms.{{ include "common.namespace" . }}:10443/v1/sms/domain/osdf/secret);
+ resp=$(curl -s -o /dev/null -k --write-out %{http_code} http{{ if (include "common.needTLS" .) }}s{{ end }}://aaf-sms.{{ include "common.namespace" . }}:10443/v1/sms/domain/osdf/secret);
echo $resp;
sleep 2;
done
image: {{ include "repositoryGenerator.image.curl" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-osdf-sms-readiness
+ {{- end }}
{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
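Review bot: the `http{{ if (include "common.needTLS" .) }}s{{ end }}` in the curl URL can never render `http`, because the whole `osdf-sms-readiness` init container is now wrapped in the same `common.needTLS` guard. Keep the literal `https://` so the line reads as what it does. The probe also still calls curl with `-k`, so it only proves that something answers 200 on that port, not that the SMS certificate is valid; if the CA bundle is available to the init container, pass it with `--cacert` instead.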
args:
- "-c"
- |
+ {{- if (include "common.needTLS" .) }}
grep -v '^$' /opt/osdf/osaaf/local/org.onap.oof.crt > /tmp/oof.crt
cat /tmp/oof.crt /opt/app/ssl_cert/intermediate_root_ca.pem /opt/app/ssl_cert/aaf_root_ca.cer >> /opt/osdf/org.onap.oof.crt
+ {{ end }}
python osdfapp.py
ports:
- containerPort: {{ .Values.service.internalPort }}
- mountPath: /opt/osdf/config/osdf_config.yaml
name: {{ include "common.fullname" . }}-config
subPath: osdf_config.yaml
+ {{- if (include "common.needTLS" .) }}
- mountPath: /opt/app/ssl_cert/aaf_root_ca.cer
name: {{ include "common.fullname" . }}-onap-certs
subPath: aaf_root_ca.cer
- mountPath: /opt/app/ssl_cert/intermediate_root_ca.pem
name: {{ include "common.fullname" . }}-onap-certs
subPath: intermediate_root_ca.pem
+ {{- end }}
- mountPath: /opt/osdf/config/common_config.yaml
name: {{ include "common.fullname" . }}-config
subPath: common_config.yaml
- port: {{ .Values.service.externalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.name }}{{ if (include "common.needTLS" .) }}s{{ end }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.name }}{{ if (include "common.needTLS" .) }}s{{ end }}
{{- end}}
selector:
app: {{ include "common.name" . }}
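Review bot: both `name:` lines switch from `.Values.service.portName` to `.Values.service.name`, while the other service templates in this patch keep `portName` and only append `s`. Here the port name becomes the service name with an `s` suffix under TLS, which does not give the `http`/`https` port naming the rest of the change is moving to. If that is not intended, keep `.Values.service.portName` and set `portName: http` in this chart's values as done for the other components.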
placementDefaultPatchVersion: "0"
# Url and credentials for Conductor.
- conductorUrl: https://oof-has-api:8091/v1/plans/
+ conductorUrl:
+ https: https://oof-has-api:8091/v1/plans/
+ http: http://oof-has-api:8091/v1/plans/
conductorPingWaitTime: 10
conductorMaxRetries: 30
# versions to be set in HTTP header
conductorMinorVersion: 0
# Url and credentials for the Policy Platform
- policyPlatformUrl: https://policy-xacml-pdp:6969/policy/pdpx/v1/decision # Policy Dev platform URL
+ policyPlatformUrl:
+ https: https://policy-xacml-pdp:6969/policy/pdpx/v1/decision # Policy Dev platform URL
+ http: http://policy-xacml-pdp:8080/policy/pdpx/v1/decision
policyPlatformEnv: TEST # Environment for policy platform
# Credentials for the message reader - A placeholder.
messageReaderHosts: NA
#AAF Authentication
is_aaf_enabled: False
aaf_cache_expiry_mins: 5
- aaf_url: https://aaf-service:8100
+ aaf_url:
+ https: https://aaf-service:8100
+ http: http://aaf-service:8080
aaf_user_roles:
- '/placement:org.onap.oof.access|*|read ALL'
- '/pci:org.onap.oof.access|*|read ALL'
# Secret Management Service from AAF
- aaf_sms_url: https://aaf-sms
+ aaf_sms_url:
+ https: https://aaf-sms
+ http: http://aaf-sms
aaf_sms_port: 10443
aaf_sms_timeout: 30
secret_domain: osdf
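Review bot: `aaf_sms_url` gets an `http` variant but `aaf_sms_port` stays at the single value 10443, unlike the other URLs in this file, where the plain variant also changes the port (for example `aaf_url` moves from 8100 to 8080). If SMS does not serve plain HTTP on 10443, the `http` variant will not work. Either add a plain port value here or, if SMS is never used without TLS, drop the `http` entry so the values file does not suggest a mode that is not supported.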
nbrListUrl: 'ran-network/getNbrList'
#aai api
- aaiUrl: https://aai:8443
+ aaiUrl:
+ https: https://aai:8443
+ http: http://aai:8080
aaiGetLinksUrl: /aai/v16/network/logical-links
aaiServiceInstanceUrl : /aai/v20/nodes/service-instances/service-instance/
aaiGetControllersUrl: /aai/v19/external-system/esr-thirdparty-sdnc-list
controllerQueryUrl: /aai/v19/query?format=resource
aaiGetInterDomainLinksUrl: /aai/v19/network/logical-links?link-type=inter-domain&operational-status=up
#des api
- desUrl: https://des.url:9000
+ desUrl:
+ https: https://des.url:9000
+ http: http://des.url:8080
desApiPath: /datalake/v1/exposure/
desUsername: ''
desPassword: ''
ingress:
enabled: false
service:
- - baseaddr: "oofosdf"
+ - baseaddr: "oof-osdf-api"
name: "oof-osdf"
port: 8698
config:
version: ~11.x-0
repository: 'file://components/policy-distribution'
condition: policy-distribution.enabled
- - name: policy-clamp-be
- version: ~11.x-0
- repository: 'file://components/policy-clamp-be'
- condition: policy-clamp-be.enabled
- name: policy-clamp-ac-k8s-ppnt
version: ~11.x-0
repository: 'file://components/policy-clamp-ac-k8s-ppnt'
"port": 6969,
"userName": "${RESTSERVER_USER}",
"password": "${RESTSERVER_PASSWORD}",
- "https": true,
+ "https": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
"prometheus": true
},
"pdpStatusParameters":{
"topicSources" : [{
"topic" : "POLICY-PDP-PAP",
"servers" : [ "message-router" ],
- "useHttps" : true,
+ "useHttps" : {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
"fetchTimeout": 15000,
"topicCommInfrastructure" : "dmaap"
}],
"topicSinks" : [{
"topic" : "POLICY-PDP-PAP",
"servers" : [ "message-router" ],
- "useHttps" : true,
+ "useHttps" : {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
"topicCommInfrastructure" : "dmaap"
}]
}
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.externalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- end}}
selector:
app: {{ include "common.name" . }}
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-apex-pdp:2.8.0
+image: onap/policy-apex-pdp:2.8.1
pullPolicy: Always
# flag to enable debugging - application support required
service:
type: ClusterIP
name: policy-apex-pdp
- portName: policy-apex-pdp
+ portName: http
externalPort: 6969
internalPort: 6969
nodePort: 37
server:
port: {{ .Values.service.internalPort }}
+ ssl:
+ enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
spring:
security.user:
password: "${RESTSERVER_PASSWORD}"
mvc.converters.preferred-json-mapper: gson
datasource:
- url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort}}/policyadmin
+ url: jdbc:mariadb://{{ .Values.db.service.name }}/policyadmin
driverClassName: org.mariadb.jdbc.Driver
username: "${SQL_USER}"
password: "${SQL_PASSWORD}"
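Review bot: the `datasource.url` change drops `:{{ .Values.db.service.internalPort }}` from the JDBC URL, which is unrelated to the TLS toggle and is not explained. The connection now depends on the driver's default port, so a deployment that overrides `db.service.internalPort` will silently connect to the wrong port. The same edit is repeated in the provider `url` in the next hunk. Please either keep the port from values or move this into its own change with a reason in the commit message.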
name: PolicyProviderParameterGroup
implementation: org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl
driver: org.mariadb.jdbc.Driver
- url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort}}/policyadmin
+ url: jdbc:mariadb://{{ .Values.db.service.name }}/policyadmin
user: "${SQL_USER}"
password: "${SQL_PASSWORD}"
persistenceUnit: PolicyDb
httpHeaders:
- name: Authorization
value: Basic {{ printf "%s:%s" .Values.restServer.user .Values.restServer.password | b64enc }}
- scheme: {{ .Values.readiness.scheme }}
+ scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
successThreshold: {{ .Values.readiness.successThreshold }}
failureThreshold: {{ .Values.readiness.failureThreshold }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- end}}
selector:
app: {{ include "common.name" . }}
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-api:2.7.0
+image: onap/policy-api:2.7.1
pullPolicy: Always
# flag to enable debugging - application support required
initialDelaySeconds: 10
periodSeconds: 120
api: /policy/api/v1/healthcheck
- scheme: HTTPS
successThreshold: 1
failureThreshold: 3
timeout: 60
service:
type: ClusterIP
name: policy-api
- portName: policy-api
+ portName: http
externalPort: 6969
internalPort: 6969
nodePort: 40
# ============LICENSE_END=========================================================
spring:
+ autoconfigure:
+ exclude: >
+ org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,
+ org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,
+ org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration
security:
user:
name: ${RESTSERVER_USER}
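Review bot: the added `spring.autoconfigure.exclude` block has no comment and no visible link to the TLS toggle that the rest of the patch is about. The same three exclusions are pasted into several participant configs in this patch. Add a one-line comment saying why the DataSource, Hibernate JPA and transaction manager auto-configurations are excluded, and consider splitting this into a separate change together with the image version bumps it presumably belongs to.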
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
fetchTimeout: 15000
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
topicSinks:
- topic: POLICY-ACRUNTIME-PARTICIPANT
servers:
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
# clampAutomationCompositionTopics:
# topicSources:
port: 8084
servlet:
context-path: /onap/httpparticipant
+ ssl:
+ enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-ac-http-ppnt:6.3.0
+image: onap/policy-clamp-ac-http-ppnt:6.3.1
pullPolicy: Always
# application configuration
# ============LICENSE_END=========================================================
spring:
+ autoconfigure:
+ exclude: >
+ org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,
+ org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,
+ org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration
security:
user:
name: ${RESTSERVER_USER}
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
fetchTimeout: 15000
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
topicSinks:
-
topic: POLICY-ACRUNTIME-PARTICIPANT
servers:
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
# clampAutomationCompositionTopics:
port: 8083
servlet:
context-path: /onap/policy/clamp/acm/k8sparticipant
+ ssl:
+ enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+
logging:
# Configuration of logging
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-ac-k8s-ppnt:6.3.0
+image: onap/policy-clamp-ac-k8s-ppnt:6.3.1
pullPolicy: Always
# flag to enable debugging - application support required
# ============LICENSE_END=========================================================
spring:
+ autoconfigure:
+ exclude: >
+ org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,
+ org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,
+ org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration
security:
user:
name: ${RESTSERVER_USER}
port: 6969
userName: ${API_USER}
password: ${API_PASSWORD}
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
allowSelfSignedCerts: true
policyPapParameters:
clientName: pap
port: 6969
userName: ${PAP_USER}
password: ${PAP_PASSWORD}
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
allowSelfSignedCerts: true
intermediaryParameters:
reportingTimeIntervalMs: 120000
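Review bot: `useHttps` becomes conditional for both the API and PAP clients, but `allowSelfSignedCerts: true` stays hard-coded next to it. When TLS is on, these clients will still accept any self-signed certificate from policy-api and policy-pap, so the HTTPS mode gives encryption without server authentication. Consider exposing `allowSelfSignedCerts` as a value that defaults to `false` when a CA bundle is mounted.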
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
fetchTimeout: 15000
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
topicSinks:
-
topic: POLICY-ACRUNTIME-PARTICIPANT
servers:
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
# clampAutomationCompositionTopics:
port: 8085
servlet:
context-path: /onap/policyparticipant
+ ssl:
+ enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-ac-pf-ppnt:6.3.0
+image: onap/policy-clamp-ac-pf-ppnt:6.3.1
pullPolicy: Always
# flag to enable debugging - application support required
+++ /dev/null
-{{/*
-###
-# ============LICENSE_START=======================================================
-# ONAP CLAMP
-# ================================================================================
-# Copyright (C) 2017-2019 AT&T Intellectual Property. All rights
-# reserved.
-# ================================================================================
-# Modifications copyright (c) 2019 Nokia
-# Modifications Copyright (c) 2022 Nordix Foundation
-# ================================================================================\
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END============================================
-# ===================================================================
-#
-###
-*/}}
-{{- if .Values.global.aafEnabled }}
-server.ssl.key-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }}
-server.ssl.key-store-password=${cadi_keystore_password_p12}
-server.ssl.key-password=${cadi_key_password}
-server.ssl.key-store-type=PKCS12
-server.ssl.key-alias={{ .Values.certInitializer.fqi }}
-
-# The key file used to decode the key store and trust store password
-# If not defined, the key store and trust store password will not be decrypted
-clamp.config.keyFile=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keyFile }}
-
-## Config part for Client certificates
-server.ssl.client-auth=want
-server.ssl.trust-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }}
-server.ssl.trust-store-password=${cadi_truststore_password}
-{{- end }}
-
-#clds datasource connection details
-spring.datasource.username=${MYSQL_USER}
-spring.datasource.password=${MYSQL_PASSWORD}
-spring.datasource.url=jdbc:mariadb:sequential://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyclamp?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3
-spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,default-dictionary-elements
-
-#The log folder that will be used in logback.xml file
-clamp.config.files.sdcController=file:/opt/policy/clamp/sdc-controllers-config-pass.json
-
-#
-# Configuration Settings for Policy Engine Components
-clamp.config.policy.api.url=https://policy-api.{{ include "common.namespace" . }}:6969
-clamp.config.policy.api.userName=policyadmin
-clamp.config.policy.api.password=zb!XztG34
-clamp.config.policy.pap.url=https://policy-pap.{{ include "common.namespace" . }}:6969
-clamp.config.policy.pap.userName=policyadmin
-clamp.config.policy.pap.password=zb!XztG34
-
-#DCAE Inventory Url Properties
-clamp.config.dcae.inventory.url=https://inventory.{{ include "common.namespace" . }}:8080
-clamp.config.dcae.dispatcher.url=https://deployment-handler.{{ include "common.namespace" . }}:8443
-#DCAE Deployment Url Properties
-clamp.config.dcae.deployment.url=https://deployment-handler.{{ include "common.namespace" . }}:8443
-clamp.config.dcae.deployment.userName=none
-clamp.config.dcae.deployment.password=none
-
-#AAF related parameters
-clamp.config.cadi.aafLocateUrl=https://aaf-locate.{{ include "common.namespace" . }}:8095
-
-# Configuration settings for ControlLoop Runtime Rest API
-clamp.config.acm.runtime.url=https://policy-clamp-runtime-acm.{{ include "common.namespace" . }}:6969
-clamp.config.acm.runtime.userName=${RUNTIME_USER}
-clamp.config.acm.runtime.password=${RUNTIME_PASSWORD}
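Review bot: the file being deleted contains a literal password for the `policyadmin` user on the `clamp.config.policy.api.password` and `clamp.config.policy.pap.password` lines. Deleting the file does not remove the value from repository history, so it should be treated as exposed. Please confirm that policy-api and policy-pap no longer accept that credential, or rotate it as part of this change, and mention in the commit message that the removed template carried a hard-coded secret.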
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-filebeat.prospectors:
-#it is mandatory, in our case it's log
-- input_type: log
- #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
- paths:
- - /var/log/onap/*/*/*/*.log
- - /var/log/onap/*/*/*.log
- - /var/log/onap/*/*.log
- #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
- ignore_older: 48h
- # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
- clean_inactive: 96h
-
-# Name of the registry file. If a relative path is used, it is considered relative to the
-# data path. Else full qualified file name.
-#filebeat.registry_file: ${path.data}/registry
-
-
-output.logstash:
- #List of logstash server ip addresses with port number.
- #But, in our case, this will be the loadbalancer IP address.
- #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
- hosts: ["{{.Values.config.log.logstashServiceName}}:{{.Values.config.log.logstashPort}}"]
- #If enable will do load balancing among availabe Logstash, automatically.
- loadbalance: true
-
- #The list of root certificates for server verifications.
- #If certificate_authorities is empty or not set, the trusted
- #certificate authorities of the host system are used.
- #ssl.certificate_authorities: $ssl.certificate_authorities
-
- #The path to the certificate for SSL client authentication. If the certificate is not specified,
- #client authentication is not available.
- #ssl.certificate: $ssl.certificate
-
- #The client certificate key used for client authentication.
- #ssl.key: $ssl.key
-
- #The passphrase used to decrypt an encrypted key stored in the configured key file
- #ssl.key_passphrase: $ssl.key_passphrase
+++ /dev/null
-/*
- * ============LICENSE_START=======================================================
- * Copyright (C) 2021 Nordix Foundation
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * SPDX-License-Identifier: Apache-2.0
- * ============LICENSE_END=========================================================
- */
-
-create table if not exists dictionary (
- name varchar(255) not null,
- created_by varchar(255),
- created_timestamp datetime(6) not null,
- updated_by varchar(255),
- updated_timestamp datetime(6) not null,
- dictionary_second_level integer,
- dictionary_type varchar(255),
- primary key (name)
- ) engine=InnoDB;
-
-create table if not exists dictionary_elements (
- short_name varchar(255) not null,
- created_by varchar(255),
- created_timestamp datetime(6) not null,
- updated_by varchar(255),
- updated_timestamp datetime(6) not null,
- description varchar(255) not null,
- name varchar(255) not null,
- subdictionary_name varchar(255),
- type varchar(255) not null,
- primary key (short_name)
- ) engine=InnoDB;
-
-create table if not exists dictionary_to_dictionaryelements (
- dictionary_name varchar(255) not null,
- dictionary_element_short_name varchar(255) not null,
- primary key (dictionary_name, dictionary_element_short_name)
- ) engine=InnoDB;
-
-create table if not exists hibernate_sequence (
- next_val bigint
-) engine=InnoDB;
-
-insert into hibernate_sequence values ( 1 );
-
-create table if not exists loop_element_models (
- name varchar(255) not null,
- created_by varchar(255),
- created_timestamp datetime(6) not null,
- updated_by varchar(255),
- updated_timestamp datetime(6) not null,
- blueprint_yaml MEDIUMTEXT,
- dcae_blueprint_id varchar(255),
- loop_element_type varchar(255) not null,
- short_name varchar(255),
- primary key (name)
- ) engine=InnoDB;
-
-create table if not exists loop_logs (
- id bigint not null,
- log_component varchar(255) not null,
- log_instant datetime(6) not null,
- log_type varchar(255) not null,
- message MEDIUMTEXT not null,
- loop_id varchar(255) not null,
- primary key (id)
- ) engine=InnoDB;
-
-create table if not exists loop_templates (
- name varchar(255) not null,
- created_by varchar(255),
- created_timestamp datetime(6) not null,
- updated_by varchar(255),
- updated_timestamp datetime(6) not null,
- allowed_loop_type varchar(255),
- blueprint_yaml MEDIUMTEXT,
- dcae_blueprint_id varchar(255),
- maximum_instances_allowed integer,
- svg_representation MEDIUMTEXT,
- unique_blueprint boolean default false,
- service_uuid varchar(255),
- primary key (name)
- ) engine=InnoDB;
-
-create table if not exists loopelementmodels_to_policymodels (
- loop_element_name varchar(255) not null,
- policy_model_type varchar(255) not null,
- policy_model_version varchar(255) not null,
- primary key (loop_element_name, policy_model_type, policy_model_version)
- ) engine=InnoDB;
-
-create table if not exists loops (
- name varchar(255) not null,
- created_by varchar(255),
- created_timestamp datetime(6) not null,
- updated_by varchar(255),
- updated_timestamp datetime(6) not null,
- dcae_deployment_id varchar(255),
- dcae_deployment_status_url varchar(255),
- global_properties_json json,
- last_computed_state varchar(255) not null,
- svg_representation MEDIUMTEXT,
- loop_template_name varchar(255) not null,
- service_uuid varchar(255),
- primary key (name)
- ) engine=InnoDB;
-
-create table if not exists loops_to_microservicepolicies (
- loop_name varchar(255) not null,
- microservicepolicy_name varchar(255) not null,
- primary key (loop_name, microservicepolicy_name)
- ) engine=InnoDB;
-
-create table if not exists looptemplates_to_loopelementmodels (
- loop_element_model_name varchar(255) not null,
- loop_template_name varchar(255) not null,
- flow_order integer not null,
- primary key (loop_element_model_name, loop_template_name)
- ) engine=InnoDB;
-
-create table if not exists micro_service_policies (
- name varchar(255) not null,
- created_by varchar(255),
- created_timestamp datetime(6) not null,
- updated_by varchar(255),
- updated_timestamp datetime(6) not null,
- configurations_json json,
- json_representation json not null,
- pdp_group varchar(255),
- pdp_sub_group varchar(255),
- context varchar(255),
- dcae_blueprint_id varchar(255),
- dcae_deployment_id varchar(255),
- dcae_deployment_status_url varchar(255),
- device_type_scope varchar(255),
- shared bit not null,
- loop_element_model_id varchar(255),
- policy_model_type varchar(255),
- policy_model_version varchar(255),
- primary key (name)
- ) engine=InnoDB;
-
-create table if not exists operational_policies (
- name varchar(255) not null,
- created_by varchar(255),
- created_timestamp datetime(6) not null,
- updated_by varchar(255),
- updated_timestamp datetime(6) not null,
- configurations_json json,
- json_representation json not null,
- pdp_group varchar(255),
- pdp_sub_group varchar(255),
- loop_element_model_id varchar(255),
- policy_model_type varchar(255),
- policy_model_version varchar(255),
- loop_id varchar(255) not null,
- primary key (name)
- ) engine=InnoDB;
-
-create table if not exists policy_models (
- policy_model_type varchar(255) not null,
- version varchar(255) not null,
- created_by varchar(255),
- created_timestamp datetime(6) not null,
- updated_by varchar(255),
- updated_timestamp datetime(6) not null,
- policy_acronym varchar(255),
- policy_tosca MEDIUMTEXT,
- policy_pdp_group json,
- primary key (policy_model_type, version)
- ) engine=InnoDB;
-
-create table if not exists services (
- service_uuid varchar(255) not null,
- name varchar(255) not null,
- resource_details json,
- service_details json,
- version varchar(255),
- primary key (service_uuid)
- ) engine=InnoDB;
-
-alter table dictionary_to_dictionaryelements
- add constraint FK68hjjinnm8nte2owstd0xwp23
- foreign key (dictionary_element_short_name)
- references dictionary_elements (short_name);
-
-alter table dictionary_to_dictionaryelements
- add constraint FKtqfxg46gsxwlm2gkl6ne3cxfe
- foreign key (dictionary_name)
- references dictionary (name);
-
-alter table loop_logs
- add constraint FK1j0cda46aickcaoxqoo34khg2
- foreign key (loop_id)
- references loops (name);
-
-alter table loop_templates
- add constraint FKn692dk6281wvp1o95074uacn6
- foreign key (service_uuid)
- references services (service_uuid);
-
-alter table loopelementmodels_to_policymodels
- add constraint FK23j2q74v6kaexefy0tdabsnda
- foreign key (policy_model_type, policy_model_version)
- references policy_models (policy_model_type, version);
-
-alter table loopelementmodels_to_policymodels
- add constraint FKjag1iu0olojfwryfkvb5o0rk5
- foreign key (loop_element_name)
- references loop_element_models (name);
-
-alter table loops
- add constraint FK844uwy82wt0l66jljkjqembpj
- foreign key (loop_template_name)
- references loop_templates (name);
-
-alter table loops
- add constraint FK4b9wnqopxogwek014i1shqw7w
- foreign key (service_uuid)
- references services (service_uuid);
-
-alter table loops_to_microservicepolicies
- add constraint FKle255jmi7b065fwbvmwbiehtb
- foreign key (microservicepolicy_name)
- references micro_service_policies (name);
-
-alter table loops_to_microservicepolicies
- add constraint FK8avfqaf7xl71l7sn7a5eri68d
- foreign key (loop_name)
- references loops (name);
-
-alter table looptemplates_to_loopelementmodels
- add constraint FK1k7nbrbugvqa0xfxkq3cj1yn9
- foreign key (loop_element_model_name)
- references loop_element_models (name);
-
-alter table looptemplates_to_loopelementmodels
- add constraint FKj29yxyw0x7ue6mwgi6d3qg748
- foreign key (loop_template_name)
- references loop_templates (name);
-
-alter table micro_service_policies
- add constraint FKqvvdypacbww07fuv8xvlvdjgl
- foreign key (loop_element_model_id)
- references loop_element_models (name);
-
-alter table micro_service_policies
- add constraint FKn17j9ufmyhqicb6cvr1dbjvkt
- foreign key (policy_model_type, policy_model_version)
- references policy_models (policy_model_type, version);
-
-alter table operational_policies
- add constraint FKi9kh7my40737xeuaye9xwbnko
- foreign key (loop_element_model_id)
- references loop_element_models (name);
-
-alter table operational_policies
- add constraint FKlsyhfkoqvkwj78ofepxhoctip
- foreign key (policy_model_type, policy_model_version)
- references policy_models (policy_model_type, version);
-
-alter table operational_policies
- add constraint FK1ddoggk9ni2bnqighv6ecmuwu
- foreign key (loop_id)
- references loops (name);
+++ /dev/null
-{
- "sdc-connections":{
- "sdc-controller":{
- "user": "clamp",
- "consumerGroup": "clamp",
- "consumerId": "clamp",
- "environmentName": "AUTO",
- "sdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443",
- "password": "${SDC_CLIENT_PASSWORD_ENC}",
- "pollingInterval":30,
- "pollingTimeout":30,
- "activateServerTLSAuth":"false",
- "keyStorePassword":"",
- "keyStorePath":"",
- "messageBusAddresses":["message-router.{{ include "common.namespace" . }}"]
- }
- }
-}
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit https://127.0.0.1:8443 to use your application"
- kubectl port-forward $POD_NAME 8443:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.release" . }}-policy-clamp-galera-config
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
- containers:
- # side car containers
- {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }}
- # main container
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - sh
- workingDir: "/opt/policy/clamp/"
- args:
- - -c
- - |
- {{- if .Values.global.aafEnabled }}
- export $(grep '^cadi_' {{ .Values.certInitializer.credsPath }}/org.onap.clamp.cred.props | xargs -0)
- export SDC_CLIENT_PASSWORD_ENC=`java -jar {{ .Values.certInitializer.credsPath }}/aaf-cadi-aaf-2.1.20-full.jar cadi digest ${SDC_CLIENT_PASSWORD} {{ .Values.certInitializer.credsPath }}/org.onap.clamp.keyfile`;
- envsubst < "/opt/policy/clamp/sdc-controllers-config.json" > "/opt/policy/clamp/sdc-controllers-config-pass.json"
- {{- end }}
- java -Djava.security.egd=file:/dev/./urandom ${JAVA_RAM_CONFIGURATION} -jar ./policy-clamp-backend.jar --spring.config.location=optional:classpath:/,optional:classpath:/config/,optional:file:./,optional:file:./config/
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- - name: logs
- mountPath: {{ .Values.log.path }}
- - mountPath: /opt/policy/clamp/sdc-controllers-config.json
- name: {{ include "common.fullname" . }}-config
- subPath: sdc-controllers-config.json
- - mountPath: /opt/policy/clamp/application.properties
- name: {{ include "common.fullname" . }}-config
- subPath: application.properties
- env:
- - name: RUNTIME_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-be-secret" "key" "login") | indent 12 }}
- - name: RUNTIME_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-be-secret" "key" "password") | indent 12 }}
- - name: MYSQL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }}
- - name: MYSQL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12 }}
- - name: SDC_CLIENT_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdc-creds" "key" "password") | indent 12 }}
- {{- if ne "unlimited" (include "common.flavor" .) }}
- - name: JAVA_RAM_CONFIGURATION
- value: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=75
- {{- end }}
- resources: {{ include "common.resources" . | nindent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity: {{ toYaml .Values.affinity | nindent 10 }}
- {{- end }}
- serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}-configmap
- items:
- - key: sdc-controllers-config.json
- path: sdc-controllers-config.json
- - key: application.properties
- path: application.properties
- - name: logs
- emptyDir: {}
- {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada
-# Modifications Copyright © 2020-2021 AT&T Intellectual Property
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ include "common.release" . }}-policy-clamp-galera-config
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}-policy-clamp-job
- release: {{ include "common.release" . }}
-spec:
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}-policy-clamp-job
- release: {{ include "common.release" . }}
- spec:
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- initContainers:
-#This container checks that all galera instances are up before initializing it.
- - name: {{ include "common.name" . }}-readiness
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /app/ready.py
- - --job-name
- - {{ include "common.release" . }}-policy-galera-config
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- containers:
- - name: {{ include "common.release" . }}-policy-clamp-galera-config
- image: {{ include "repositoryGenerator.image.mariadb" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /dbcmd-config/create-db-tables.sh
- name: {{ include "common.fullname" . }}-config
- subPath: create-db-tables.sh
- - mountPath: /dbcmd-config/policy-clamp-create-tables.sql
- name: {{ include "common.fullname" . }}-config
- subPath: policy-clamp-create-tables.sql
- command:
- - /bin/sh
- args:
- - -x
- - /dbcmd-config/create-db-tables.sh
- env:
- - name: MYSQL_HOST
- value: "{{ .Values.db.service.name }}"
- - name: MYSQL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 10 }}
- - name: MYSQL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 10 }}
- - name: MYSQL_PORT
- value: "{{ .Values.db.service.internalPort }}"
- resources:
-{{ include "common.resources" . }}
- restartPolicy: Never
- volumes:
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}-configmap
- items:
- - key: create-db-tables.sh
- path: create-db-tables.sh
- - key: policy-clamp-create-tables.sql
- path: policy-clamp-create-tables.sql
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2021 AT&T
-# Modifications Copyright © 2022 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global: # global defaults
- nodePortPrefix: 302
- persistence: {}
- centralizedLoggingEnabled: true
- #AAF service
- aafEnabled: true
-
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- permission_user: 1000
- permission_group: 999
- keystoreFile: 'org.onap.clamp.p12'
- truststoreFile: 'org.onap.clamp.trust.jks'
- keyFile: 'org.onap.clamp.keyfile'
- truststoreFileONAP: 'truststoreONAPall.jks'
- nameOverride: clamp-backend-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: clamp
- fqi: clamp@clamp.onap.org
- public_fqdn: clamp.onap.org
- cadi_longitude: '-72.0'
- cadi_latitude: '38.0'
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- aaf_add_config: >
- /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
- cd {{ .Values.credsPath }};
- chmod a+rx *;
-
-secrets:
- - uid: db-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
- login: '{{ .Values.db.user }}'
- password: '{{ .Values.db.password }}'
- passwordPolicy: required
- - uid: sdc-creds
- type: password
- externalSecret: '{{ tpl (default "" .Values.sdc.sdcClientExternalSecret) . }}'
- password: '{{ .Values.sdc.clientPassword }}'
- passwordPolicy: required
- - uid: runtime-be-secret
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.appUserExternalSecret) . }}'
- login: '{{ .Values.config.policyAppUserName }}'
- password: '{{ .Values.config.policyAppUserPassword }}'
- passwordPolicy: required
-
-flavor: small
-
-# application image
-image: onap/policy-clamp-backend:6.3.0
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# log configuration
-log:
- path: /var/log/onap
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-
-#####dummy values for db user and password to pass lint!!!#######
-sdc:
- clientPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
-
-db:
- user: policy_user
- password: policy_user
- image: mariadb:10.5.8
- service:
- name: policy-mariadb
- internalPort: 3306
-
-config:
- policyAppUserName: runtimeUser
- policyAppUserPassword: none
- log:
- logstashServiceName: log-ls
- logstashPort: 5044
- mysqlPassword: strong_pitchou
- dataRootDir: /dockerdata-nfs
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 120
- periodSeconds: 10
- timeoutSeconds: 3
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
- timeoutSeconds: 3
-
-service:
- type: ClusterIP
- name: policy-clamp-be
- portName: policy-clamp-be
- internalPort: 8443
- externalPort: 8443
-
-ingress:
- enabled: false
-
-#resources: {}
-# We usually recommend not to specify default resources and to leave this as a conscious
-# choice for the user. This also increases chances charts run on environments with little
-# resources, such as Minikube. If you do want to specify resources, uncomment the following
-# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-#
-# Example:
-# Configure resource requests and limits
-# ref: http://kubernetes.io/docs/user-guide/compute-resources/
-# Minimum memory for development is 2 CPU cores and 4GB memory
-# Minimum memory for production is 4 CPU cores and 8GB memory
-resources:
- small:
- limits:
- cpu: 1
- memory: 1Gi
- requests:
- cpu: 1m
- memory: 1Gi
- large:
- limits:
- cpu: 1
- memory: 3Gi
- requests:
- cpu: 10m
- memory: 3Gi
- unlimited: {}
-
-#Pods Service Account
-serviceAccount:
- nameOverride: policy-clamp-be
- roles:
- - read
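Review bot: The removed defaults carry literal secrets (`aafDeployPass`, `sdc.clientPassword`, `db.password`, `config.mysqlPassword`), and the `secrets:` block exposed `externalSecret` overrides for `db-creds`, `sdc-creds` and `runtime-be-secret`. Once this chart is gone, an override file that still sets `db.credsExternalSecret`, `sdc.sdcClientExternalSecret` or `config.appUserExternalSecret` for this component no longer has any effect. The commit message or release notes should list these keys as removed so operators can drop them, and should state whether the default values above were ever used outside lint.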
context-path: /onap/policy/clamp/acm
error:
path: /error
+ ssl:
+ enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
runtime:
servers:
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
fetchTimeout: 15000
topicSinks:
-
servers:
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
# topicParameterGroup:
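Review bot: The added `ssl.enabled` line uses `ternary true false` while the two `useHttps` lines use `ternary "true" "false"`; both render an unquoted `true` or `false` in this YAML, so pick one form throughout. More important, `useHttps` was hard-coded to `true` and now follows `common.needTLS`, whose definition is not in this hunk: confirm that the helper evaluates to "true" when nothing is set, so that a missing value never downgrades the REST endpoint and the DMaaP topics to cleartext.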
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-runtime-acm:6.3.0
+image: onap/policy-clamp-runtime-acm:6.3.1
pullPolicy: Always
# flag to enable debugging - application support required
"port":6969,
"userName":"${RESTSERVER_USER}",
"password":"${RESTSERVER_PASSWORD}",
- "https":true,
+ "https": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
"prometheus": true
},
"receptionHandlerParameters":{
"sdcConfiguration":{
"parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup",
"parameters":{
- "asdcAddress": "sdc-be:8443",
+ "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }}",
"messageBusAddress": [
"message-router.{{ include "common.namespace" . }}"
],
"keyStorePassword": "null",
"activeserverTlsAuth": false,
"isFilterinEmptyResources": true,
- "isUseHttpsWithDmaap": true
+ "isUseHttpsWithDmaap": {{ (eq "true" (include "common.needTLS" .)) | ternary true false }},
+ "isUseHttpsWithSDC": {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
}
}
},
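Review bot: `isUseHttpsWithSDC` is a new key in the `sdcConfiguration` parameters, and nothing in this hunk says which policy-distribution version reads it. The image moves from 2.8.0 to 2.8.1 in the same patch; if that bump is what introduces the parameter, say so in the commit message, because with an older image pinned by an override the flag may be ignored while `asdcAddress` already points at port 8080.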
"port": 6969,
"userName": "${API_USER}",
"password": "${API_PASSWORD}",
- "useHttps": true
+ "useHttps": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
},
"papParameters": {
"clientName": "policy-pap",
"port": 6969,
"userName": "${PAP_USER}",
"password": "${PAP_PASSWORD}",
- "useHttps": true
+ "useHttps": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
},
"deployPolicies": true
}
ports:
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-distribution:2.8.0
+image: onap/policy-distribution:2.8.1
pullPolicy: Always
# flag to enable debugging - application support required
service:
type: ClusterIP
name: policy-distribution
- portName: policy-distribution
+ portName: http
externalPort: 6969
internalPort: 6969
# HTTP Servers
-HTTP_SERVER_HTTPS=true
+HTTP_SERVER_HTTPS={{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
PROMETHEUS=true
# PDP-D DMaaP configuration channel
# Open DMaaP
DMAAP_SERVERS=message-router
-DMAAP_HTTPS=true
+DMAAP_HTTPS={{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
# AAI
AAI_HOST=aai.{{.Release.Namespace}}
-AAI_PORT=8443
+AAI_PORT={{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }}
AAI_CONTEXT_URI=
# MSO
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.externalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}-{{ .Values.service.externalPort }}
- port: {{ .Values.service.externalPort2 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}-{{ .Values.service.externalPort2 }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}-{{ .Values.service.externalPort }}
- port: {{ .Values.service.externalPort2 }}
targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}-{{ .Values.service.externalPort2 }}
{{- end}}
selector:
app: {{ include "common.name" . }}
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-pdpd-cl:1.11.0
+image: onap/policy-pdpd-cl:1.11.1
pullPolicy: Always
# flag to enable debugging - application support required
service:
type: ClusterIP
name: policy-drools-pdp
- portName: policy-drools-pdp
+ portName: http
internalPort: 6969
externalPort: 6969
nodePort: 17
--- /dev/null
+server:
+ port: 2443
+ ssl:
+ enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+# enabled-protocols: TLSv1.2
+# client-auth: want
+# key-store: file:${KEYSTORE}
+# key-store-password: ${KEYSTORE_PASSWD}
+# trust-store: file:${TRUSTSTORE}
+# trust-store-password: ${TRUSTSTORE_PASSWD}
+
+clamp:
+ url:
+ disable-ssl-validation: {{ (eq "true" (include "common.needTLS" .)) | ternary false true }}
+ disable-ssl-hostname-check: {{ (eq "true" (include "common.needTLS" .)) | ternary false true }}
+
+apex-editor:
+ upload-url:
+ upload-userid:
+
+management:
+ endpoints:
+ web:
+ exposure:
+ include: health, metrics, prometheus
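Review bot: with `common.needTLS` true, `server.ssl.enabled` renders true while every `key-store` and `trust-store` line under `ssl:` is commented out, so TLS is switched on with no keystore configured. Either restore those lines (the init container added in the deployment already exports KEYSTORE, KEYSTORE_PASSWD, TRUSTSTORE and TRUSTSTORE_PASSWD for envsubst) or keep `enabled: false` until they are back. Separately, `disable-ssl-validation` and `disable-ssl-hostname-check` both become true whenever TLS is not needed; a comment stating that this is only acceptable because the CLAMP URL is plain HTTP in that mode would stop the setting from being copied into a TLS deployment.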
--- /dev/null
+<!--
+ ============LICENSE_START=======================================================
+ policy-gui
+ ================================================================================
+ Copyright (C) 2021-2022 Nordix Foundation.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+ -->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>TRACE</level>
+ </filter>
+ <encoder>
+ <pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n
+ </pattern>
+ </encoder>
+ </appender>
+
+ <appender name="ERROR" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${POLICY_LOGS}/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>${POLICY_LOGS}/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>TRACE</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncError" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ERROR" />
+ </appender>
+
+ <appender name="DEBUG" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${POLICY_LOGS}/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>${POLICY_LOGS}/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncDebug" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DEBUG" />
+ </appender>
+
+ <appender name="NETWORK" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${POLICY_LOGS}/network.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>${POLICY_LOGS}/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncNetwork" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NETWORK" />
+ </appender>
+
+ <logger name="network" level="TRACE" additivity="false">
+ <appender-ref ref="asyncNetwork" />
+ </logger>
+
+ <logger name="org.apache" level="TRACE" additivity="false">
+ <appender-ref ref="DEBUG" />
+ </logger>
+
+ <!-- Spring related loggers -->
+ <logger name="org.springframework" level="TRACE" additivity="false">
+ <appender-ref ref="DEBUG" />
+ </logger>
+
+ <!-- GUI related loggers -->
+ <logger name="org.onap.policy.gui" level="TRACE" additivity="false">
+ <appender-ref ref="ERROR" />
+ <appender-ref ref="DEBUG" />
+ </logger>
+
+ <!-- logback internals logging -->
+ <logger name="ch.qos.logback.classic" level="INFO" />
+ <logger name="ch.qos.logback.core" level="INFO" />
+
+ <root level="TRACE">
+ <appender-ref ref="asyncDebug" />
+ <appender-ref ref="asyncError" />
+ <appender-ref ref="asyncNetwork" />
+ <appender-ref ref="STDOUT" />
+ </root>
+</configuration>
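Review bot: every logger in this file, including `root`, `org.apache` and `org.springframework`, is set to TRACE, and the ThresholdFilter on the `ERROR` appender is also TRACE, so error.log receives all events rather than errors only. TRACE on the HTTP and Spring stacks as the shipped default is very verbose and can write request and response detail into debug.log and stdout. Suggest INFO for `root` and the framework loggers, `<level>ERROR</level>` on the ERROR appender filter, and leaving TRACE as something an operator turns on (the file already has `scan="true"`).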
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}
+ name: {{ include "common.fullname" . }}-configmap
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/*.{xml,yaml,yml}").AsConfig . | indent 2 }}
{{ include "common.log.configMap" . }}
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: KEYSTORE
+ value: {{ .Values.certStores.keystoreLocation }}
+ - name: KEYSTORE_PASSWD
+ value: {{ .Values.certStores.keyStorePassword }}
+ - name: TRUSTSTORE
+ value: {{ .Values.certStores.truststoreLocation }}
+ - name: TRUSTSTORE_PASSWD
+ value: {{ .Values.certStores.trustStorePassword }}
+ - name: POLICY_LOGS
+ value: {{ .Values.log.path }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: policy-gui-config
+ - mountPath: /config
+ name: policy-gui-config-processed
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
- command:
- /app/ready.py
args:
- --container-name
- - policy-clamp-be
+ - policy-clamp-runtime-acm
env:
- name: NAMESPACE
valueFrom:
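Review bot: the new init container takes KEYSTORE_PASSWD and TRUSTSTORE_PASSWD as literal `value:` entries from `.Values.certStores.keyStorePassword` and `.Values.certStores.trustStorePassword`, which puts both passwords in clear text in the pod spec. The main container in this same template reads them through `common.secret.envFromSecretFast` with the `keystore-password` and `truststore-password` uids; the init container should use the same helper. If the password lines in application.yml stay commented out, the two variables can be dropped from the init container altogether.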
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-{{- if .Values.global.aafEnabled }}
+{{- if not (include "common.onServiceMesh" .) }}
command: ["sh","-c"]
args: ["source {{ .Values.certInitializer.credsPath }}/.ci;/opt/app/policy/gui/bin/policy-gui.sh"]
env:
-{{- else }}
+{{ else }}
command: ["/opt/app/policy/gui/bin/policy-gui.sh"]
env:
- name: KEYSTORE_PASSWD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
- name: TRUSTSTORE_PASSWD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
-{{- end }}
+{{ end }}
- name: CLAMP_URL
- value: https://policy-clamp-be:8443
+ value: http://policy-clamp-runtime-acm:6969
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
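Review bot: CLAMP_URL is now hard-coded to `http://policy-clamp-runtime-acm:6969`, while the rest of this change derives the scheme from `common.needTLS`. With needTLS true the GUI would still call runtime-acm over plain HTTP, and application.yml would at the same time render `disable-ssl-validation: false`. Suggest templating the scheme the way the robot properties do, `http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}`. The switch from `{{- else }}` / `{{- end }}` to the untrimmed forms also leaves blank lines in the rendered `env:` list; keep the `-` unless there is a reason to drop it.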
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- name: logs
mountPath: {{ .Values.log.path }}
+ - mountPath: /opt/app/policy/gui/etc/application.yml
+ name: policy-gui-config-processed
+ subPath: application.yml
+ - mountPath: /opt/app/policy/gui/etc/logback.xml
+ name: policy-gui-config-processed
+ subPath: logback.xml
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
- name: logs
emptyDir: {}
{{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }}
+ - name: policy-gui-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ defaultMode: 0755
+ - name: policy-gui-config-processed
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
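Review bot: `defaultMode: 0755` on the `policy-gui-config` volume marks application.yml and logback.xml as executable. The configmap glob only picks up `*.{xml,yaml,yml}` and the init container only reads the files through envsubst, so a read-only mode such as 0444 is enough here.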
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- end}}
selector:
app: {{ include "common.name" . }}
certStores:
keyStorePassword: Pol1cy_0nap
+ keystoreLocation: /opt/app/policy/gui/etc/ssl/policy-keystore
+ truststoreLocation: /opt/app/policy/gui/etc/ssl/policy-truststore
trustStorePassword: Pol1cy_0nap
#################################################################
flavor: small
# application image
-image: onap/policy-gui:2.3.0
+image: onap/policy-gui:2.3.1
pullPolicy: Always
# flag to enable debugging - application support required
service:
type: NodePort
name: policy-gui
- portName: policy-gui
+ portName: http
internalPort: 2443
nodePort: 43
ingress:
enabled: false
service:
- - baseaddr: "policygui.api"
+ - baseaddr: "policy-ui"
name: "policygui"
port: 2443
config:
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.externalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- end}}
selector:
app: {{ include "common.name" . }}
service:
type: ClusterIP
name: policy-nexus
- portName: policy-nexus
+ portName: http
externalPort: 8081
internalPort: 8081
nodePort: 36
server:
port: 6969
ssl:
- enabled: true
+ enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
pap:
name: PapGroup
- topic: POLICY-PDP-PAP
servers:
- message-router
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
fetchTimeout: 15000
topicCommInfrastructure: dmaap
- topic: POLICY-HEARTBEAT
consumerGroup: policy-pap
servers:
- message-router
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
fetchTimeout: 15000
topicCommInfrastructure: dmaap
topicSinks:
- topic: POLICY-PDP-PAP
servers:
- message-router
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
topicCommInfrastructure: dmaap
- topic: POLICY-NOTIFICATION
servers:
- message-router
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
topicCommInfrastructure: dmaap
# If Strimzi Kafka to be used for communication, replace following configuration for topicSources and topicSinks
# servers:
port: 6969
userName: "${API_USER}"
password: "${API_PASSWORD}"
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
basePath: policy/api/v1/healthcheck
- clientName: distribution
hostname: policy-distribution
port: 6969
userName: "${DISTRIBUTION_USER}"
password: "${DISTRIBUTION_PASSWORD}"
- useHttps: true
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
basePath: healthcheck
- clientName: dmaap
hostname: message-router
- port: 3905
- useHttps: true
+ port: {{ (eq "true" (include "common.needTLS" .)) | ternary 3905 3904 }}
+ useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
basePath: topics
management:
httpHeaders:
- name: Authorization
value: Basic {{ printf "%s:%s" .Values.restServer.user .Values.restServer.password | b64enc }}
- scheme: {{ .Values.readiness.scheme }}
+ scheme: {{ (eq "true" (include "common.needTLS" .)) | ternary "HTTPS" "HTTP" }}
successThreshold: {{ .Values.readiness.successThreshold }}
failureThreshold: {{ .Values.readiness.failureThreshold }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-pap:2.7.0
+image: onap/policy-pap:2.7.1
pullPolicy: Always
# flag to enable debugging - application support required
periodSeconds: 120
port: http-api
api: /policy/pap/v1/healthcheck
- scheme: HTTPS
successThreshold: 1
failureThreshold: 3
timeout: 60
"port": 6969,
"userName": "${RESTSERVER_USER}",
"password": "${RESTSERVER_PASSWORD}",
- "https": true,
+ "https": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
"aaf": false,
"prometheus": true
},
"port": 6969,
"userName": "${API_USER}",
"password": "${API_PASSWORD}",
- "useHttps": true,
+ "useHttps": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
"aaf": false
},
"applicationParameters": {
"topicSources" : [{
"topic" : "POLICY-PDP-PAP",
"servers" : [ "message-router" ],
- "useHttps" : true,
+ "useHttps" : {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
"fetchTimeout" : 15000,
"topicCommInfrastructure" : "dmaap"
}],
"topicSinks" : [{
"topic" : "POLICY-PDP-PAP",
"servers" : [ "message-router" ],
- "useHttps" : true,
+ "useHttps" : {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
"topicCommInfrastructure" : "dmaap"
}]
}
ports:
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-xacml-pdp:2.7.0
+image: onap/policy-xacml-pdp:2.7.1
pullPolicy: Always
# flag to enable debugging - application support required
service:
type: ClusterIP
name: policy-xacml-pdp
- portName: policy-xacml-pdp
+ portName: http
externalPort: 6969
internalPort: 6969
apiVersion: batch/v1
kind: Job
metadata:
- name: {{ include "common.release" . }}-policy-galera-config
+ name: {{ include "common.fullname" . }}-galera-init
namespace: {{ include "common.namespace" . }}
labels:
- app: {{ include "common.name" . }}-job
+ app: {{ include "common.name" . }}-galera-init
release: {{ include "common.release" . }}
spec:
template:
metadata:
labels:
- app: {{ include "common.name" . }}-job
+ app: {{ include "common.name" . }}-galera-init
release: {{ include "common.release" . }}
+ name: {{ include "common.name" . }}-galera-init
spec:
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
- initContainers: {{ if .Values.global.postgres.localCluster }}{{ include "common.readinessCheck.waitFor" . | nindent 6 }}{{ end }}
-#This container checks that all galera instances are up before initializing it.
+ initContainers:
- name: {{ include "common.name" . }}-mariadb-readiness
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- - name: {{ include "common.release" . }}-policy-galera-config
+ containers:
+ - name: {{ include "common.name" . }}-galera-config
image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.mariadb.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
subPath: db.sh
command:
- /bin/sh
- args:
- - -x
- - /dbcmd-config/db.sh
+ - -cx
+ - |
+ {{- if include "common.onServiceMesh" . }}
+ echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
+ /dbcmd-config/db.sh
env:
- name: MYSQL_ROOT_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-password" "key" "password") | indent 10 }}
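Review bot: the fixed `sleep 15s` before `/dbcmd-config/db.sh` is a race. If the sidecar takes longer than 15 seconds the script runs without it, and when it is ready sooner the job just waits. Prefer polling for sidecar readiness with a timeout over a fixed delay. Also note that `-x` now traces only this wrapper and no longer db.sh itself, and that db.sh is executed directly, so the job depends on the `defaultMode: 0755` added to the volume further down; a short comment next to the command would make that dependency visible.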
value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}"
resources:
{{ include "common.resources" . }}
- {{ if .Values.global.postgres.localCluster }}
- - name: {{ include "common.release" . }}-policy-pg-config
+ {{- if (include "common.onServiceMesh" .) }}
+ - name: policy-service-mesh-wait-for-job-container
+ image: nexus3.onap.org:10001/onap/oom/readiness:4.1.0
+ imagePullPolicy: Always
+ command:
+ - /bin/sh
+ - "-c"
+ args:
+ - echo "waiting 10s for istio side cars to be up"; sleep 10s;
+ /app/ready.py --service-mesh-check {{ include "common.name" . }}-galera-config -t 45;
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ {{- end }}
+ restartPolicy: Never
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-db-configmap
+ defaultMode: 0755
+ items:
+ - key: db.sh
+ path: db.sh
+
+{{ if .Values.global.postgres.localCluster }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-pg-init
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-pg-init
+ release: {{ include "common.release" . }}
+spec:
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}-pg-init
+ release: {{ include "common.release" . }}
+ name: {{ include "common.name" . }}-pg-init
+ spec:
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ initContainers: {{ if .Values.global.postgres.localCluster }}{{ include "common.readinessCheck.waitFor" . | nindent 6 }}{{ end }}
+ containers:
+ - name: {{ include "common.name" . }}-pg-config
image: {{ .Values.repository }}/{{ .Values.postgresImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
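Review bot: the `policy-service-mesh-wait-for-job-container` sidecar hard-codes `image: nexus3.onap.org:10001/onap/oom/readiness:4.1.0` and `imagePullPolicy: Always`, whereas the init container in this same file uses `{{ include "repositoryGenerator.image.readiness" . }}` and the global pull policy. The hard-coded reference bypasses any repository override or mirror and pins a version separately from the rest of the chart; use the helper and `.Values.global.pullPolicy | default .Values.pullPolicy` here too (the same applies to the other three copies of this container). In the pg-init job, the `{{ if .Values.global.postgres.localCluster }}` inside `initContainers:` is now redundant, because the whole job is already wrapped in that condition.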
subPath: db-pg.sh
command:
- /bin/sh
- args:
- - -x
- - /docker-entrypoint-initdb.d/db-pg.sh
+ - -cx
+ - |
+ {{- if include "common.onServiceMesh" . }}
+ echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
+ /docker-entrypoint-initdb.d/db-pg.sh
env:
- name: PG_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-root-pass" "key" "password") | indent 12 }}
value: "{{ .Values.postgres.service.internalPort }}"
resources:
{{ include "common.resources" . }}
- {{ end }}
+ {{- if (include "common.onServiceMesh" .) }}
+ - name: policy-service-mesh-wait-for-job-container
+ image: nexus3.onap.org:10001/onap/oom/readiness:4.1.0
+ imagePullPolicy: Always
+ command:
+ - /bin/sh
+ - "-c"
+ args:
+ - echo "waiting 10s for istio side cars to be up"; sleep 10s;
+ /app/ready.py --service-mesh-check {{ include "common.name" . }}-pg-config -t 45;
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ {{- end }}
+ restartPolicy: Never
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-db-configmap
+ defaultMode: 0755
+ items:
+ - key: db-pg.sh
+ path: db-pg.sh
+{{ end }}
+
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-galera-config
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-galera-config
+ release: {{ include "common.release" . }}
+spec:
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}-galera-config
+ release: {{ include "common.release" . }}
+ name: {{ include "common.name" . }}-galera-config
+ spec:
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ initContainers:
+ - name: {{ include "common.name" . }}-init-readiness
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /app/ready.py
+ args:
+ - --job-name
+ - {{ include "common.fullname" . }}-galera-init
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
containers:
- - name: {{ include "common.release" . }}-policy-galera-db-migrator
+ - name: {{ include "common.name" . }}-galera-db-migrator
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
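Review bot: the names are easy to mix up. The job `...-galera-init` runs a container called `...-galera-config`, and this job, itself named `...-galera-config`, runs `...-galera-db-migrator`; the pg pair repeats the pattern. Since `ready.py --job-name` takes job names and `--service-mesh-check` takes container names, a mismatch would be hard to spot. Suggest naming the first container `...-galera-init` to match its job, or adding a comment above each `--job-name` and `--service-mesh-check` argument saying which kind of name it refers to.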
subPath: db_migrator_policy_init.sh
command:
- /bin/sh
- args:
- - -x
- - /dbcmd-config/db_migrator_policy_init.sh
+ - -cx
+ - |
+ {{- if include "common.onServiceMesh" . }}
+ echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
+ /dbcmd-config/db_migrator_policy_init.sh
env:
- name: SQL_HOST
value: "{{ index .Values "mariadb-galera" "service" "name" }}"
value: "sql"
resources:
{{ include "common.resources" . }}
- {{ if .Values.global.postgres.localCluster }}
- - name: {{ include "common.release" . }}-policy-pg-db-migrator
+ {{- if (include "common.onServiceMesh" .) }}
+ - name: policy-service-mesh-wait-for-job-container
+ image: nexus3.onap.org:10001/onap/oom/readiness:4.1.0
+ imagePullPolicy: Always
+ command:
+ - /bin/sh
+ - "-c"
+ args:
+ - echo "waiting 10s for istio side cars to be up"; sleep 10s;
+ /app/ready.py --service-mesh-check {{ include "common.name" . }}-galera-db-migrator -t 45;
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ {{- end }}
+ restartPolicy: Never
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-db-configmap
+ defaultMode: 0755
+ items:
+ - key: db_migrator_policy_init.sh
+ path: db_migrator_policy_init.sh
+
+{{ if .Values.global.postgres.localCluster }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-pg-config
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-pg-config
+ release: {{ include "common.release" . }}
+spec:
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}-pg-config
+ release: {{ include "common.release" . }}
+ name: {{ include "common.name" . }}-pg-config
+ spec:
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ initContainers:
+ - name: {{ include "common.name" . }}-init-readiness
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /app/ready.py
+ args:
+ - --job-name
+ - {{ include "common.fullname" . }}-pg-init
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ containers:
+ - name: {{ include "common.name" . }}-pg-db-migrator
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
subPath: db_migrator_pg_policy_init.sh
command:
- /bin/sh
- args:
- - -x
- - /dbcmd-config/db_migrator_pg_policy_init.sh
+ - -cx
+ - |
+ {{- if include "common.onServiceMesh" . }}
+ echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
+ /dbcmd-config/db_migrator_pg_policy_init.sh
env:
- name: SQL_HOST
value: "{{ .Values.postgres.service.name2 }}"
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
resources:
{{ include "common.resources" . }}
- {{ end }}
+ {{- if (include "common.onServiceMesh" .) }}
+ - name: policy-service-mesh-wait-for-job-container
+ image: nexus3.onap.org:10001/onap/oom/readiness:4.1.0
+ imagePullPolicy: Always
+ command:
+ - /bin/sh
+ - "-c"
+ args:
+ - echo "waiting 10s for istio side cars to be up"; sleep 10s;
+ /app/ready.py --service-mesh-check {{ include "common.name" . }}-pg-db-migrator -t 45;
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ {{- end }}
restartPolicy: Never
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}-db-configmap
+ defaultMode: 0755
items:
- - key: db.sh
- path: db.sh
- - key: db_migrator_policy_init.sh
- path: db_migrator_policy_init.sh
- - key: db-pg.sh
- path: db-pg.sh
- key: db_migrator_pg_policy_init.sh
path: db_migrator_pg_policy_init.sh
-
+{{ end }}
db: *dbSecretsHook
config:
jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
-policy-clamp-be:
- enabled: true
- db: *dbSecretsHook
- config:
- appUserExternalSecret: *policyAppCredsSecret
- jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-clamp-ac-k8s-ppnt:
enabled: true
config:
appUserExternalSecret: *policyAppCredsSecret
jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-gui:
- enabled: true
+ enabled: false
config:
jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
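Review bot: `policy-gui.enabled` flips from true to false in the same change that adds the GUI's application.yml, logback.xml and init container, and that removes `policy-clamp-be`. That is a default-behaviour change for existing deployments and is not explained anywhere in the visible diff. Please say in the commit message or release notes whether the GUI is disabled deliberately, and check the robot properties, which still resolve `GLOBAL_CLAMP_SERVER_PORT` against the `policy-gui` hostname.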
image: mariadb:10.5.8
dbmigrator:
- image: onap/policy-db-migrator:2.5.0
+ image: onap/policy-db-migrator:2.5.1
schema: policyadmin
policy_home: "/opt/app/policy"
ingress:
enabled: false
service:
- - baseaddr: portal.api
+ - baseaddr: portal-ui
name: "portal-app"
port: 8443
+ plain_port: 8080
config:
ssl: "redirect"
- port: {{ .Values.service.internalPort }}
targetPort: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- end}}
selector:
app: {{ include "common.name" . }}
ingress:
enabled: false
service:
- - baseaddr: portal-sdk
+ - baseaddr: portal-sdk-api
name: "portal-sdk"
port: 8443
config:
GLOBAL_SDC_PASSWORD = '{{ .Values.sdcPassword }}'
GLOBAL_SDC_AUTHENTICATION = [GLOBAL_SDC_USERNAME, GLOBAL_SDC_PASSWORD]
# clamp info - everything is from the private oam network (also called onap private network)
-GLOBAL_CLAMP_SERVER_PROTOCOL = "https"
+GLOBAL_CLAMP_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}'
GLOBAL_CLAMP_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "policy-gui" "port" 2443) }}'
# nbi info - everything is from the private oam network (also called onap private network)
-GLOBAL_NBI_SERVER_PROTOCOL = "https"
-GLOBAL_NBI_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "nbi" "port" 8443) }}'
+GLOBAL_NBI_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}'
+GLOBAL_NBI_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "nbi" "port" ( ternary 8443 8080 (eq "true" (include "common.needTLS" . )))) }}'
# cli info - everything is from the private oam network (also called onap private network)
GLOBAL_CLI_SERVER_PROTOCOL = "https"
GLOBAL_CLI_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "cli" "port" 443) }}'
GLOBAL_DCAE_HVVES_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-hv-ves-collector") }}'
GLOBAL_DCAE_HVVES_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcae-hv-ves-collector" "port" 6061) }}'
# data router info - everything is from the private oam network (also called onap private network)
-GLOBAL_DMAAP_DR_PROV_SERVER_PROTOCOL = "https"
+GLOBAL_DMAAP_DR_PROV_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}'
GLOBAL_DMAAP_DR_PROV_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmaap-dr-prov" "port" 443) }}'
-GLOBAL_DMAAP_DR_NODE_SERVER_PROTOCOL = "https"
-GLOBAL_DMAAP_DR_NODE_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmapp-dr-node" "port" 8443) }}'
+GLOBAL_DMAAP_DR_NODE_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}'
+GLOBAL_DMAAP_DR_NODE_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmapp-dr-node" "port" ( ternary 8443 8080 (eq "true" (include "common.needTLS" . )))) }}'
# dmaap message router info
GLOBAL_DMAAP_MESSAGE_ROUTER_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "message-router") }}'
GLOBAL_DMAAP_MESSAGE_ROUTER_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "message-router" "port" 3904) }}'
GLOBAL_POMBA_CONTEXTAGGREGATOR_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "pomba-contextaggregator" "port" 9529) }}'
# microservice bus info - everything is from the private oam network (also called onap private network)
-GLOBAL_MSB_SERVER_PROTOCOL = "https"
-GLOBAL_MSB_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "clamp" "port" 443) }}'
+GLOBAL_MSB_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}'
+GLOBAL_MSB_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "msb-iag" "port" ( ternary 443 80 (eq "true" (include "common.needTLS" . )))) }}'
# message router info - everything is from the private oam network (also called onap private network)
GLOBAL_MR_SERVER_PROTOCOL = "http"
GLOBAL_MR_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "message-router" "port" 3904) }}'
# bus controller info
-GLOBAL_BC_SERVER_PROTOCOL = "https"
-GLOBAL_BC_HTTPS_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmaap-bc" "port" 8443) }}'
+GLOBAL_BC_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}'
+GLOBAL_BC_HTTPS_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmaap-bc" "port" ( ternary 8443 8080 (eq "true" (include "common.needTLS" . )))) }}'
GLOBAL_BC_USERNAME = '{{ .Values.bcUsername }}'
GLOBAL_BC_PASSWORD = '{{ .Values.bcPassword }}'
# dcae inventory and deployment handler info
GLOBAL_MUSIC_SERVER_PROTOCOL = "https"
GLOBAL_MUSIC_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "music" "port" 8443) }}'
# oof global info - everything is from the private oam network (also called onap private network)
-GLOBAL_OOF_SERVER_PROTOCOL = "https"
+GLOBAL_OOF_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}'
# oof-homing info - everything is from the private oam network (also called onap private network)
GLOBAL_OOF_HOMING_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "oof-has-api" "port" 8091) }}'
GLOBAL_OOF_HOMING_USERNAME="{{ .Values.oofHomingUsername }}"
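Review bot: `GLOBAL_DMAAP_DR_PROV_SERVER_PROTOCOL` now renders as `http` whenever `common.needTLS` is not "true", but the `dmaap-dr-prov` port on the following line stays fixed at 443, so protocol and port can disagree in a non-TLS deployment. Give that port the same `ternary` treatment used for NBI, DR node and BC, or leave the protocol at `https`. `GLOBAL_OOF_SERVER_PROTOCOL` has the same shape: the protocol becomes conditional while the homing port 8091 does not. Two smaller points: the new `GLOBAL_DMAAP_DR_NODE_SERVER_PORT` line carries over the hostname `dmapp-dr-node`, which looks like a typo for `dmaap-dr-node`, and the MSB hostname change from `clamp` to `msb-iag` is a behaviour fix that deserves its own line in the commit message.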
GLOBAL_PACKET_GENERATOR_PASSWORD = "admin"
GLOBAL_PGN_PORT = "2831"
# policy info - everything is from the private oam network (also called onap private network)
-GLOBAL_POLICY_SERVER_PROTOCOL = "https"
+GLOBAL_POLICY_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}'
GLOBAL_POLICY_SERVER_PORT = "8081"
GLOBAL_POLICY_HEALTHCHECK_PORT = "6969"
GLOBAL_POLICY_AUTH = '{{ .Values.policyAuth}}'
GLOBAL_PORTAL_USERNAME = '{{ .Values.portalUsername }}'
GLOBAL_PORTAL_PASSWORD = '{{ .Values.portalPassword }}'
# sdnc info - everything is from the private oam network (also called onap private network)
-GLOBAL_SDNC_SERVER_PROTOCOL = "https"
-GLOBAL_SDNC_REST_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdnc" "port" 8443) }}'
-GLOBAL_SDNC_ADMIN_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdnc-portal" "port" 8443) }}'
+GLOBAL_SDNC_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}'
+GLOBAL_SDNC_REST_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdnc" "port" ( ternary 8443 8282 (eq "true" (include "common.needTLS" . )))) }}'
+GLOBAL_SDNC_ADMIN_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdnc-portal" "port" ( ternary 8443 8080 (eq "true" (include "common.needTLS" . )))) }}'
GLOBAL_SDNC_USERNAME = '{{ .Values.sdncUsername }}'
GLOBAL_SDNC_PASSWORD = '{{ .Values.sdncPassword }}'
GLOBAL_SDNC_AUTHENTICATION = [GLOBAL_SDNC_USERNAME, GLOBAL_SDNC_PASSWORD]
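Review bot: when `common.needTLS` is false, `GLOBAL_SDNC_SERVER_PROTOCOL` becomes `http` and the REST port 8282, so the username and password in `GLOBAL_SDNC_AUTHENTICATION` are sent to an unencrypted listener. Add a comment here or in the chart docs stating that this mode assumes transport encryption is provided elsewhere (for example by the service mesh that `common.onServiceMesh` checks for), so it is not enabled on a plain cluster network by accident.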
GLOBAL_VID_HEALTH_USERNAME = '{{ .Values.vidHealthUsername }}'
GLOBAL_VID_HEALTH_PASSWORD = '{{ .Values.vidHealthPassword }}'
# vnfsdk info - everything is from the private oam network (also called onap private network)
-GLOBAL_VNFSDK_SERVER_PROTOCOL = "https"
+GLOBAL_VNFSDK_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}'
GLOBAL_VNFSDK_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "refrepo" "port" 8703) }}'
GLOBAL_DCAE_VES_PROTOCOL = "http"
GLOBAL_DCAE_VES_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcae-ves-collector" "port" 8080) }}'
-GLOBAL_DCAE_VES_HTTPS_PROTOCOL = "https"
-GLOBAL_DCAE_VES_HTTPS_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcae-ves-collector-https" "port" 8443) }}'
+GLOBAL_DCAE_VES_HTTPS_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}'
+GLOBAL_DCAE_VES_HTTPS_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcae-ves-collector-https" "port" ( ternary 8443 8080 (eq "true" (include "common.needTLS" . )))) }}'
GLOBAL_DCAE_VES_USERNAME = 'sample1'
GLOBAL_DCAE_VES_PASSWORD = 'sample1'
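Review bot: `GLOBAL_DCAE_VES_HTTPS_PROTOCOL` and `GLOBAL_DCAE_VES_HTTPS_SERVER_PORT` can now render as `http` and 8080, the same protocol and port as `GLOBAL_DCAE_VES_PROTOCOL` / `GLOBAL_DCAE_VES_SERVER_PORT` two lines above, while still pointing at hostname `dcae-ves-collector-https`. A test that uses the `_HTTPS_` variables to prove the TLS endpoint works would then pass against plain HTTP. Either keep these two at `https`/8443 and skip the HTTPS test when `needTLS` is false, or rename the variables so the name no longer promises TLS.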
# application image
repository: nexus3.onap.org:10001
-image: onap/testsuite:1.8.0
+image: onap/testsuite:1.11.0
pullPolicy: Always
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
ingress:
enabled: false
service:
- - baseaddr: "robot.api"
+ - baseaddr: "robot-api"
name: "robot"
port: 443
config:
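Review bot: the `baseaddr` change from `robot.api` to `robot-api` renames the address the ingress is published under, and the same kind of rename repeats through the rest of this patch (`sdc.api.be` to `sdc-be-api`, `sdnc.api` to `sdnc-api`, `so.api` to `so-api`, and so on). Anything keyed on the old names, such as DNS records, certificates or client URLs, will stop matching, so the commit message or release notes should list the old and new names together. This entry also keeps `port: 443` without a `plain_port`, unlike the SDC, SDNC and VID entries; please confirm that is intentional.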
serviceAccount:
nameOverride: robot
roles:
- - read
\ No newline at end of file
+ - read
ingress:
enabled: false
service:
- - baseaddr: "sdc.api.be"
+ - baseaddr: "sdc-be-api"
name: "sdc-be"
port: 8443
+ plain_port: 8080
config:
ssl: "redirect"
ingress:
enabled: false
service:
- - baseaddr: "sdc.api.fe"
+ - baseaddr: "sdc-fe-ui"
name: "sdc-fe"
port: 9443
+ plain_port: 8181
config:
ssl: "redirect"
ingress:
enabled: false
service:
- - baseaddr: "sdcwfdbe"
+ - baseaddr: "sdc-wfd-be-api"
name: "sdc-wfd-be"
port: 8443
+ plain_port: 8080
config:
ssl: "redirect"
ingress:
enabled: false
service:
- - baseaddr: "sdcwfdfe"
+ - baseaddr: "sdc-wfd-fe-ui"
name: "sdc-wfd-fe"
port: 8443
+ plain_port: 8080
annotations:
ingress.kubernetes.io/secure-backends: "false"
nginx.ingress.kubernetes.io/secure-backends: "false"
type: ClusterIP
ports:
- name: "{{ .Values.service.portName }}-restconf-alt"
- {{ if .Values.global.aafEnabled }}
port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- {{- else -}}
- port: {{ .Values.service.internalPort4 }}
- targetPort: {{ .Values.service.internalPort4 }}
- {{ end }}
- name: "{{ .Values.service.portName }}-karaf"
port: {{ .Values.service.externalPort2 }}
targetPort: {{ .Values.service.internalPort2 }}
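Review bot: with the `aafEnabled` branch removed, the `-restconf-alt` port always maps `service.externalPort` to `service.internalPort`, and `service.internalPort4` is no longer referenced in this template. Confirm that `internalPort` is the port the container actually listens on when AAF is disabled, since that case used `internalPort4` before, and remove `internalPort4` from the values file if nothing else reads it.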
ingress:
enabled: false
service:
- - baseaddr: "sdnc-dgbuilder"
+ - baseaddr: "sdnc-dgbuilder-ui"
name: "sdnc-dgbuilder"
port: 3000
- - baseaddr: "sdnc-web-service"
+ - baseaddr: "sdnc-web-service-api"
name: "sdnc-web-service"
port: 8443
+ plain_port: 8080
config:
ssl: "redirect"
ingress:
enabled: false
service:
- - baseaddr: "sdnc.api"
+ - baseaddr: "sdnc-api"
name: "sdnc"
port: 8443
+ plain_port: 8282
config:
ssl: "redirect"
server:
+ {{- if include "common.onServiceMesh" . }}
+ forward-headers-strategy: none
+ {{- end }}
port: {{ index .Values.containerPort }}
{{- if .Values.global.aafEnabled }}
ssl:
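Review bot: `{{- if include "common.onServiceMesh" . }}` treats any non-empty string as true, so it is only correct if the helper renders an empty string when the mesh is off, whereas the robot properties in this same patch test explicitly with `eq "true" (include "common.needTLS" .)`. Pick one convention and use it for both helpers. The same three added lines are pasted into every SO override file in this patch, so a shared named template would keep them from drifting, and a one-line comment on why forwarded headers are ignored on the mesh would help the next reader.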
ingress:
enabled: false
service:
- - baseaddr: "soadmincockpit"
+ - baseaddr: "so-admin-cockpit-ui"
name: "so-admin-cockpit"
port: 9091
config:
*/}}
server:
+ {{- if include "common.onServiceMesh" . }}
+ forward-headers-strategy: none
+ {{- end }}
port: {{ index .Values.containerPort }}
tomcat:
max-threads: 50
{{ if (include "common.needTLS" .) }}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
{{ else }}
- endpoint: http://aai.{{ include "common.namespace" . }}:8080
+ endpoint: http://aai.{{ include "common.namespace" . }}:80
{{ end }}
workflowAaiDistributionDelay: PT30S
pnfEntryNotificationTimeout: P14D
headers.minorVersion: 1
headers.latestVersion: 2
server:
+ {{- if include "common.onServiceMesh" . }}
+ forward-headers-strategy: none
+ {{- end }}
port: {{ index .Values.containerPort }}
tomcat:
max-threads: 50
# limitations under the License.
*/}}
server:
+ {{- if include "common.onServiceMesh" . }}
+ forward-headers-strategy: none
+ {{- end }}
port: {{ index .Values.containerPort }}
tomcat:
max-threads: 50
{{ if (include "common.needTLS" .) }}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
{{ else }}
- endpoint: http://aai.{{ include "common.namespace" . }}:8080
+ endpoint: http://aai.{{ include "common.namespace" . }}:80
{{ end }}
enabled: {{ .Values.global.aai.enabled }}
logging:
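Review bot: the non-TLS AAI endpoint moves from port 8080 to 80 here and in every other SO override in this patch, which only works if the `aai` service exposes port 80 in that mode. Reference the AAI chart change this depends on in the commit message. The scheme, host and port are also repeated literally in each file; one helper that renders the AAI endpoint from `common.needTLS` would make the next port change a single-line edit.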
password: ${ACTUATOR_PASSWORD}
role: ACTUATOR
server:
+ {{- if include "common.onServiceMesh" . }}
+ forward-headers-strategy: none
+ {{- end }}
port: {{ index .Values.containerPort }}
tomcat:
max-threads: 50
{{ if (include "common.needTLS" .) }}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
{{ else }}
- endpoint: http://aai.{{ include "common.namespace" . }}:8080
+ endpoint: http://aai.{{ include "common.namespace" . }}:80
{{ end }}
spring:
datasource:
password: ${ETSI_NFVO_PASSWORD}
role: ETSI-NFVO-Client
server:
+ {{- if include "common.onServiceMesh" . }}
+ forward-headers-strategy: none
+ {{- end }}
port: {{ .Values.containerPort }}
tomcat:
max-threads: 50
ingress:
enabled: false
service:
- - baseaddr: 'soetsinfvonslcm'
+ - baseaddr: 'so-etsi-nfvo-ns-lcm-api'
name: 'so-etsi-nfvo-ns-lcm'
port: 9095
config:
{{ if (include "common.needTLS" .) }}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
{{ else }}
- endpoint: http://aai.{{ include "common.namespace" . }}:8080
+ endpoint: http://aai.{{ include "common.namespace" . }}:80
{{ end }}
spring:
security:
password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
role: ACTUATOR
server:
+ {{- if include "common.onServiceMesh" . }}
+ forward-headers-strategy: none
+ {{- end }}
port: {{ index .Values.containerPort }}
ssl:
enabled: false
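Review bot: not introduced by this hunk, but the context `password:` line above `role: ACTUATOR` holds a literal bcrypt hash in the template, while other SO overrides in this patch read `${ACTUATOR_PASSWORD}` from the environment. Since the file is being touched anyway, consider moving this one to the same environment-variable mechanism so the hash is not baked into the chart.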
ingress:
enabled: false
service:
- - baseaddr: "soetsisol003adapter"
+ - baseaddr: "so-etsi-sol003-adapter-api"
name: "so-etsi-sol003-adapter"
port: 9092
config:
password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
role: ACTUATOR
server:
+ {{- if include "common.onServiceMesh" . }}
+ forward-headers-strategy: none
+ {{- end }}
port: {{ index .Values.containerPort }}
tomcat:
max-threads: 50
{{ if (include "common.needTLS" .) }}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
{{ else }}
- endpoint: http://aai.{{ include "common.namespace" . }}:8080
+ endpoint: http://aai.{{ include "common.namespace" . }}:80
{{ end }}
logging:
path: logs
password: ${ACTUATOR_PASSWORD}
role: ACTUATOR
server:
+ {{- if include "common.onServiceMesh" . }}
+ forward-headers-strategy: none
+ {{- end }}
port: {{ index .Values.containerPort }}
tomcat:
max-threads: 50
password: ${ACTUATOR_PASSWORD}
role: ACTUATOR
server:
+ {{- if include "common.onServiceMesh" . }}
+ forward-headers-strategy: none
+ {{- end }}
port: {{ index .Values.containerPort }}
tomcat:
max-threads: 50
{{ if (include "common.needTLS" .) }}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
{{ else }}
- endpoint: http://aai.{{ include "common.namespace" . }}:8080
+ endpoint: http://aai.{{ include "common.namespace" . }}:80
{{ end }}
server:
+ {{- if include "common.onServiceMesh" . }}
+ forward-headers-strategy: none
+ {{- end }}
port: {{ index .Values.containerPort }}
+SW port: {{ index .Values.containerPort }}
spring:
datasource:
hikari:
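Review bot: the added line `SW port: {{ index .Values.containerPort }}` directly after the existing `port:` line looks like an editing slip. It either adds a second, oddly named key under `server:` or breaks the YAML, depending on indentation. Remove it so that only the `forward-headers-strategy` block is added in this file.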
auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.encrypted "value2" .Values.mso.auth )}}
logPath: ./logs/openstack
msb-ip: msb-iag
- msb-port: 443
- msb-scheme: https
+ msb-port: 80
+ msb-scheme: http
workflow:
endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine
msoKey: {{ .Values.mso.msoKey }}
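Review bot: `msb-port` and `msb-scheme` are switched to 80 and `http` unconditionally, while the AAI endpoints elsewhere in this patch stay on `https`/8443 when `common.needTLS` is true. A deployment that still requires TLS is silently downgraded to cleartext for MSB traffic. Wrap these two values in the same `needTLS` conditional (443/`https` when true, 80/`http` otherwise).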
# will be used as entry in DB to say SITE OFF/ON for healthcheck
*/}}
server:
+ {{- if include "common.onServiceMesh" . }}
+ forward-headers-strategy: none
+ {{- end }}
port: {{ index .Values.containerPort }}
tomcat:
max-threads: 50
aai:
auth: {{.Values.aai.auth}}
server:
+ {{- if include "common.onServiceMesh" . }}
+ forward-headers-strategy: none
+ {{- end }}
port: {{ index .Values.containerPort }}
spring:
datasource:
{{ if (include "common.needTLS" .) }}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
{{ else }}
- endpoint: http://aai.{{ include "common.namespace" . }}:8080
+ endpoint: http://aai.{{ include "common.namespace" . }}:80
{{ end }}
asdc-connections:
asdc-controller1:
# limitations under the License.
*/}}
server:
+ {{- if include "common.onServiceMesh" . }}
+ forward-headers-strategy: none
+ {{- end }}
port: {{ index .Values.containerPort }}
mso:
msoKey: ${MSO_KEY}
*/}}
server:
+ {{- if include "common.onServiceMesh" . }}
+ forward-headers-strategy: none
+ {{- end }}
port: {{ include "common.getPort" (dict "global" . "name" "http") }}
vevnfmadapter:
{{ if (include "common.needTLS" .) }}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
{{ else }}
- endpoint: http://aai.{{ include "common.namespace" . }}:8080
+ endpoint: http://aai.{{ include "common.namespace" . }}:80
{{ end }}
dmaap:
{{ if (include "common.needTLS" .) }}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
{{ else }}
- endpoint: http://aai.{{ include "common.namespace" . }}:8080
+ endpoint: http://aai.{{ include "common.namespace" . }}:80
{{ end }}
auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}}
server:
{{ if (include "common.needTLS" .) }}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
{{ else }}
- endpoint: http://aai.{{ include "common.namespace" . }}:8080
+ endpoint: http://aai.{{ include "common.namespace" . }}:80
{{ end }}
auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}}
ingress:
enabled: false
service:
- - baseaddr: 'so.api'
+ - baseaddr: 'so-api'
name: 'so'
port: 8080
config:
ingress:
enabled: false
service:
- - baseaddr: uuiserver
+ - baseaddr: uui-server-api
name: "uui-server"
port: 8082
config:
ingress:
enabled: false
service:
- - baseaddr: "uui.api"
+ - baseaddr: "uui-ui"
name: "uui"
port: 8443
config:
ingress:
enabled: false
service:
- - baseaddr: "vid.api"
+ - baseaddr: "vid-ui"
name: "vid-http"
port: 8443
+ plain_port: 8080
config:
ssl: "redirect"
ingress:
enabled: false
service:
- - baseaddr: "refrepo"
+ - baseaddr: "vnfsdk-refrepo-api"
name: "refrepo"
port: 8703
config: