kubernetes/dist/*
kubernetes/common/dist/*
Chart.lock
-#**/charts/*.tgz
+**/charts/*.tgz
*.orig
# AAI Schema
local/sdnc-prom 10.0.0 ONAP SDNC Policy Driven Ownership Management
local/sniro-emulator 10.0.0 ONAP Mock Sniro Emulator
local/so 10.0.0 ONAP Service Orchestrator
+local/strimzi 10.0.0 ONAP Strimzi Apache Kafka
local/uui 10.0.0 ONAP uui
local/vfc 10.0.0 ONAP Virtual Function Controller (VF-C)
local/vid 10.0.0 ONAP Virtual Infrastructure Deployment
More details can be found :doc:`here <oom_setup_paas>`.
+**Step 4.1** Install Strimzi Kafka Operator:
+
+- Add the helm repo::
+
+ > helm repo add strimzi https://strimzi.io/charts/
+
+- Install the operator::
+
+ > helm install strimzi-kafka-operator strimzi/strimzi-kafka-operator --namespace strimzi-system --version 0.28.0 --set watchAnyNamespace=true --create-namespace
+
+More details can be found :doc:`here <oom_setup_paas>`.
+
**Step 5.** Customize the Helm charts like `oom/kubernetes/onap/values.yaml` or
an override file like `onap-all.yaml`, `onap-vfw.yaml` or `openstack.yaml` file
to suit your deployment with items like the OpenStack tenant information.
.. Links
.. _Cert-Manager Installation documentation: https://cert-manager.io/docs/installation/kubernetes/
.. _Cert-Manager kubectl plugin documentation: https://cert-manager.io/docs/usage/kubectl-plugin/
+.. _Strimzi Apache Kafka Operator helm Installation documentation: https://strimzi.io/docs/operators/in-development/deploying.html#deploying-cluster-operator-helm-chart-str
.. _oom_setup_paas:
Starting from Honolulu release, Cert-Manager and Prometheus Stack are a part
of k8s PaaS for ONAP operations and can be installed to provide
additional functionality for ONAP engineers.
+Starting from Jakarta release, Strimzi Apache Kafka is deployed to provide
+Apache kafka as the default messaging bus for ONAP.
The versions of PaaS components that are supported by OOM are as follows:
.. table:: ONAP PaaS components
- ============== ============= =================
- Release Cert-Manager Prometheus Stack
- ============== ============= =================
+ ============== ============= ================= =======
+ Release Cert-Manager Prometheus Stack Strimzi
+ ============== ============= ================= =======
honolulu 1.2.0 13.x
istanbul 1.5.4 19.x
- ============== ============= =================
+ jakarta 0.28.0
+ ============== ============= ================= =======
This guide provides instructions on how to install the PaaS
components for ONAP.
:local:
..
+Strimzi Apache Kafka Operator
+=============================
+
+Strimzi provides a way to run an Apache Kafka cluster on Kubernetes
+in various deployment configurations by using kubernetes operators.
+Operators are a method of packaging, deploying, and managing a
+Kubernetes application.
+Strimzi Operators extend Kubernetes functionality, automating common
+and complex tasks related to a Kafka deployment. By implementing
+knowledge of Kafka operations in code, Kafka administration
+tasks are simplified and require less manual intervention.
+
+Installation steps
+------------------
+
+The recommended version of Strimzi for Kubernetes 1.19 is v0.28.0.
+The Strimzi cluster operator is deployed using helm to install the parent chart
+containing all of the required custom resource definitions. This should be done
+by a kubernetes administrator to allow for deployment of custom resources in to
+any kubernetes namespace within the cluster.
+
+Full installation instructions can be found in the
+`Strimzi Apache Kafka Operator helm Installation documentation`_.
+
+Installation can be as simple as:
+
+- Add the helm repo::
+
+ > helm repo add strimzi https://strimzi.io/charts/
+
+- Install the operator::
+
+ > helm install strimzi-kafka-operator strimzi/strimzi-kafka-operator --namespace strimzi-system --version 0.28.0 --set watchAnyNamespace=true --create-namespace
+
Cert-Manager
============
Pre-requisites
--------------
-Your environment must have the Kubernetes `kubectl` with Cert-Manager
+Your environment must have the Kubernetes `kubectl` with Strimzi Apache Kafka, Cert-Manager
and Helm setup as a one time activity.
Install Kubectl
At this point you should see Kubernetes pods running.
-Install Cert-Manager
-~~~~~~~~~~~~~~~~~~~~
-Details on how to install Cert-Manager can be found
-:doc:`here <oom_setup_paas>`.
-
Install Helm
~~~~~~~~~~~~
Helm is used by OOM for package and configuration management. To install Helm,
> helm version
+Install Strimzi Apache Kafka Operator
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Details on how to install Strimzi Apache Kafka can be found
+:doc:`here <oom_setup_paas>`.
+
+Install Cert-Manager
+~~~~~~~~~~~~~~~~~~~~
+Details on how to install Cert-Manager can be found
+:doc:`here <oom_setup_paas>`.
+
Install the Helm Repo
---------------------
Once kubectl and Helm are setup, one needs to setup a local Helm server to
{{/*
# Copyright © 2019 Orange
+# Modifications Copyright (C) 2022 Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
{{- define "common.labels" -}}
{{- $dot := default . .dot -}}
app.kubernetes.io/name: {{ include "common.name" $dot }}
+{{ if not .ignoreHelmChart }}
helm.sh/chart: {{ include "common.chart" $dot }}
+{{- end }}
app.kubernetes.io/instance: {{ include "common.release" $dot }}
app.kubernetes.io/managed-by: {{ $dot.Release.Service }}
{{ if .labels }}
{{- $annotations := default (dict) .annotations -}}
name: {{ include "common.fullname" (dict "suffix" $suffix "dot" $dot )}}
namespace: {{ include "common.namespace" $dot }}
-labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot ) | nindent 2 }}
+labels: {{- include "common.labels" (dict "labels" $labels "ignoreHelmChart" .ignoreHelmChart "dot" $dot ) | nindent 2 }}
{{- if $annotations }}
annotations: {{- include "common.tplValue" (dict "value" $annotations "context" $dot) | nindent 2}}
{{- end }}
{{- if $dot.Values.podAnnotations }}
annotations: {{- include "common.tplValue" (dict "value" $dot.Values.podAnnotations "context" $dot) | nindent 2 }}
{{- end }}
-labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot) | nindent 2 }}
+labels: {{- include "common.labels" (dict "labels" $labels "ignoreHelmChart" .ignoreHelmChart "dot" $dot) | nindent 2 }}
name: {{ include "common.name" $dot }}
{{- end -}}
{{/*
# Copyright © 2019 Amdocs, Bell Canada, Orange
+# Modifications Copyright (C) 2022 Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
{{- $persistenceInfos := default $dot.Values.persistence .persistenceInfos -}}
{{- $suffix := default "data" .suffix -}}
{{- $metadata_suffix := ternary "" $suffix (eq $suffix "data") -}}
-metadata: {{- include "common.resourceMetadata" (dict "dot" $dot "suffix" $metadata_suffix "annotations" $persistenceInfos.annotations) | nindent 2 }}
+metadata: {{- include "common.resourceMetadata" (dict "dot" $dot "suffix" $metadata_suffix "annotations" $persistenceInfos.annotations "ignoreHelmChart" .ignoreHelmChart) | nindent 2 }}
spec:
accessModes:
- {{ $persistenceInfos.accessMode }}
accessMode: ReadWriteOnce
## Persistent Volume size
##
- size: 2Gi
+ size: 3Gi
## Additional pod labels
##
name: "{{ index $dot.Values "container" "name" $pgMode }}"
spec:
replicas: 1
+ strategy:
+ type: Recreate
selector:
matchLabels:
app: {{ include "common.name" $dot }}-{{ $pgMode }}
mail: email (optional)
You can also set the same things for dockerHub, elastic and googleK8s if
needed.
+ if not needed, set global.repositoryCred.user to empty value.
*/}}
{{- define "repositoryGenerator.secret" -}}
{{- $dot := default . .dot -}}
{{- if $subchartDot.Values.global.repositoryCred }}
{{- $repo := $subchartDot.Values.global.repository }}
{{- $cred := $subchartDot.Values.global.repositoryCred }}
- {{- $mail := default "@" $cred.mail }}
- {{- $auth := printf "%s:%s" $cred.user $cred.password | b64enc }}
- {{- $repoCreds = printf "\"%s\": {\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}" $repo $cred.user $cred.password $mail $auth }}
+ {{- if $cred.user }}
+ {{- $mail := default "@" $cred.mail }}
+ {{- $auth := printf "%s:%s" $cred.user $cred.password | b64enc }}
+ {{- $repoCreds = printf "\"%s\": {\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}" $repo $cred.user $cred.password $mail $auth }}
+ {{- end }}
{{- end }}
{{- if $subchartDot.Values.global.dockerHubRepositoryCred }}
{{- $dhRepo := $subchartDot.Values.global.dockerHubRepository }}
{{/*
# ============LICENSE_START=======================================================
-# Copyright (c) 2021 Bell Canada.
+# Copyright (c) 2021-2022 Bell Canada.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
selector: {{- include "common.selectors" . | nindent 4 }}
serviceName: {{ include "common.servicename" . }}
template:
- metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ metadata: {{- include "common.templateMetadata" (dict "ignoreHelmChart" true "dot" . ) | nindent 6 }}
spec:
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }}
{{ include "common.podSecurityContext" . | indent 10 | trim}}
{{- end }}
{{if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
volumeClaimTemplates:
- - {{ include "common.PVCTemplate" (dict "dot" . "suffix" "data" "persistenceInfos" .Values.persistence) | indent 6 | trim }}
+ - {{ include "common.PVCTemplate" (dict "dot" . "suffix" "data" "persistenceInfos" .Values.persistence "ignoreHelmChart" true) | indent 6 | trim }}
{{- end }}
- name: POLICY_SYNC_PDP_USER
valueFrom:
secretKeyRef:
- name: {{ $policyRls }}-policy-xacml-pdp-api-creds
+ name: {{ $policyRls }}-policy-xacml-pdp-restserver-creds
key: login
- name: POLICY_SYNC_PDP_PASS
valueFrom:
secretKeyRef:
- name: {{ $policyRls }}-policy-xacml-pdp-api-creds
+ name: {{ $policyRls }}-policy-xacml-pdp-restserver-creds
key: password
- name: POLICY_SYNC_PDP_URL
value : http{{ if (include "common.needTLS" .) }}s{{ end }}://policy-xacml-pdp:6969
aaf_identity: ""
aaf_password: ""
pm-mapper-filter: "{ \"filters\":[] }"
- key_store_path: ""
- key_store_pass_path: ""
- trust_store_path: ""
- trust_store_pass_path: ""
+ key_store_path: /opt/app/pm-mapper/etc/cert/cert.jks
+ key_store_pass_path: /opt/app/pm-mapper/etc/cert/jks.pass
+ trust_store_path: /opt/app/pm-mapper/etc/cert/trust.jks
+ trust_store_pass_path: /opt/app/pm-mapper/etc/cert/trust.pass
dmaap_dr_delete_endpoint: https://dmaap-dr-node:8443/delete
streams_publishes:
dmaap_publisher:
username: ${DR_USERNAME}
password: ${DR_PASSWORD}
location: san-francisco
- delivery_url: https://dcae-pm-mapper:8443/delivery
+ delivery_url: http://dcae-pm-mapper:8081/delivery
# DataRouter Feed Configuration
drFeedConfig:
userpwd: ${DR_PASSWORD}
dcaeLocationName: loc00
privilegedSubscriber: true
- deliveryURL: https://dcae-pm-mapper:8443/delivery
+ deliveryURL: http://dcae-pm-mapper:8081/delivery
# MessageRouter Topic, Publisher Configuration
mrTopicsConfig:
zookeeper:
name: message-router-zookeeper
port: 2181
- replicaCount: 3
+ replicaCount: 1
kafka:
heapOptions: -Xmx5G -Xms1G
debugEnabled: false
# default number of instances
-replicaCount: 3
+replicaCount: 1
# To access Kafka outside cluster, this value must be set to hard and the number of nodes in K8S cluster must be equal or greater then replica count
# default number of instances
-replicaCount: 3
+replicaCount: 1
-zookeeperServers: 3
+zookeeperServers: 1
nodeSelector: {}
fi
done
}
+
+
resolve_deploy_flags() {
flags=($1)
n=${#flags[*]}
echo "$DEPLOY_FLAGS"
}
+
+check_for_dep() {
+ try=0
+ retries=60
+ until (kubectl get deployment -n $HELM_NAMESPACE | grep -P "\b$1\b") &>/dev/null; do
+ (( ++try > retries )) && exit 1
+ echo "$1 not found. Retry $try/$retries"
+ sleep 10
+ done
+ echo "$1 found. Waiting for pod intialisation"
+ sleep 15
+}
+
+deploy_strimzi() {
+ #Deploy the srtimzi-kafka chart in advance. Dependent charts require the entity-operator
+ #for management of the strimzi crds
+ deploy_subchart
+ echo "waiting for ${RELEASE}-strimzi-entity-operator to be deployed"
+ check_for_dep ${RELEASE}-strimzi-entity-operator
+}
+
+deploy_subchart() {
+ if [ -z "$SUBCHART_RELEASE" ] || [ "$SUBCHART_RELEASE" = "$subchart" ]; then
+ LOG_FILE=$LOG_DIR/"${RELEASE}-${subchart}".log
+ :> $LOG_FILE
+
+ helm upgrade -i "${RELEASE}-${subchart}" $CACHE_SUBCHART_DIR/$subchart \
+ $DEPLOY_FLAGS -f $GLOBAL_OVERRIDES -f $SUBCHART_OVERRIDES \
+ > $LOG_FILE 2>&1
+
+ if [ "$VERBOSE" = "true" ]; then
+ cat $LOG_FILE
+ else
+ echo "release \"${RELEASE}-${subchart}\" deployed"
+ fi
+ # Add annotation last-applied-configuration if set-last-applied flag is set
+ if [ "$SET_LAST_APPLIED" = "true" ]; then
+ helm get manifest "${RELEASE}-${subchart}" \
+ | kubectl apply set-last-applied --create-annotation -n $HELM_NAMESPACE -f - \
+ > $LOG_FILE.log 2>&1
+ fi
+ fi
+ if [ "$DELAY" = "true" ]; then
+ echo sleep 3m
+ sleep 180
+ fi
+}
+
deploy() {
# validate params
if [ -z "$1" ] || [ -z "$2" ]; then
# Add annotation last-applied-configuration if set-last-applied flag is set
if [ "$SET_LAST_APPLIED" = "true" ]; then
helm get manifest ${RELEASE} \
- | kubectl apply set-last-applied --create-annotation -n onap -f - \
+ | kubectl apply set-last-applied --create-annotation -n $HELM_NAMESPACE -f - \
> $LOG_FILE.log 2>&1
fi
fi
#“helm ls” is an expensive command in that it can take a long time to execute.
#So cache the results to prevent repeated execution.
ALL_HELM_RELEASES=$(helm ls -q)
- for subchart in * ; do
- SUBCHART_OVERRIDES=$CACHE_SUBCHART_DIR/$subchart/subchart-overrides.yaml
- SUBCHART_ENABLED=0
- if [ -f $SUBCHART_OVERRIDES ]; then
- SUBCHART_ENABLED=$(cat $SUBCHART_OVERRIDES | grep -c "^enabled: true")
- fi
+ for subchart in strimzi cassandra mariadb-galera postgres ; do
+ SUBCHART_OVERRIDES=$CACHE_SUBCHART_DIR/$subchart/subchart-overrides.yaml
- if [ $SUBCHART_ENABLED -eq 1 ]; then
- if [ -z "$SUBCHART_RELEASE" ] || [ "$SUBCHART_RELEASE" = "$subchart" ]; then
- LOG_FILE=$LOG_DIR/"${RELEASE}-${subchart}".log
- :> $LOG_FILE
+ SUBCHART_ENABLED=0
+ if [ -f $SUBCHART_OVERRIDES ]; then
+ SUBCHART_ENABLED=$(cat $SUBCHART_OVERRIDES | grep -c "^enabled: true")
+ fi
+ if [ "${subchart}" = "strimzi" ] && [ $SUBCHART_ENABLED -eq 1 ]; then
+ deploy_strimzi
+ fi
+ # Deploy them at first
+ if [ $SUBCHART_ENABLED -eq 1 ]; then
+ deploy_subchart
+ else
+ array=($(echo "$ALL_HELM_RELEASES" | grep "${RELEASE}-${subchart}"))
+ n=${#array[*]}
+ for i in $(seq $(($n-1)) -1 0); do
+ helm del "${array[i]}"
+ done
+ fi
+ done
- helm upgrade -i "${RELEASE}-${subchart}" $CACHE_SUBCHART_DIR/$subchart \
- $DEPLOY_FLAGS -f $GLOBAL_OVERRIDES -f $SUBCHART_OVERRIDES \
- > $LOG_FILE 2>&1
+ for subchart in * ; do
+ SUBCHART_OVERRIDES=$CACHE_SUBCHART_DIR/$subchart/subchart-overrides.yaml
- if [ "$VERBOSE" = "true" ]; then
- cat $LOG_FILE
- else
- echo "release \"${RELEASE}-${subchart}\" deployed"
- fi
- # Add annotation last-applied-configuration if set-last-applied flag is set
- if [ "$SET_LAST_APPLIED" = "true" ]; then
- helm get manifest "${RELEASE}-${subchart}" \
- | kubectl apply set-last-applied --create-annotation -n onap -f - \
- > $LOG_FILE.log 2>&1
- fi
+ SUBCHART_ENABLED=0
+ if [ -f $SUBCHART_OVERRIDES ]; then
+ SUBCHART_ENABLED=$(cat $SUBCHART_OVERRIDES | grep -c "^enabled: true")
fi
- if [ "$DELAY" = "true" ]; then
- echo sleep 3m
- sleep 180
+ if [ "${subchart}" = "strimzi" ] || [ "${subchart}" = "cassandra" ] || [ "${subchart}" = "mariadb-galera" ] || [ "${subchart}" = "postgres" ]; then
+ SUBCHART_ENABLED=0
fi
- else
- array=($(echo "$ALL_HELM_RELEASES" | grep "${RELEASE}-${subchart}"))
- n=${#array[*]}
- for i in $(seq $(($n-1)) -1 0); do
- helm del "${array[i]}"
- done
- fi
- done
+ # Deploy the others
+ if [ $SUBCHART_ENABLED -eq 1 ]; then
+ deploy_subchart
+ else
+ array=($(echo "$ALL_HELM_RELEASES" | grep "${RELEASE}-${subchart}"))
+ n=${#array[*]}
+ for i in $(seq $(($n-1)) -1 0); do
+ helm del "${array[i]}"
+ done
+ fi
+ done
# report on success/failures of installs/upgrades
helm ls --all-namespaces | grep -i FAILED | grep $RELEASE
# application image
flavor: small
-image: onap/modeling/etsicatalog:1.0.11
+image: onap/modeling/etsicatalog:1.0.13
pullPolicy: Always
#Istio sidecar injection policy
loggers:
fcaps:
- handlers: [fcaps_handler]
+ handlers: [console_handler, file_handler]
level: "DEBUG"
propagate: False
newton_base:
- handlers: [fcaps_handler]
+ handlers: [console_handler, file_handler]
level: "DEBUG"
propagate: False
common:
- handlers: [fcaps_handler]
+ handlers: [console_handler, file_handler]
level: "DEBUG"
propagate: False
handlers:
- fcaps_handler:
+ console_handler:
+ level: "DEBUG"
+ class: "logging.StreamHandler"
+ formatter: "standard"
+ file_handler:
level: "DEBUG"
class: "logging.handlers.RotatingFileHandler"
filename: "/var/log/onap/multicloud/openstack/fcaps/fcaps.log"
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.rabbitmq }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: rabbit-mq
+ - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.memcached }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: memcached
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: fcaps-log
# Application configuration defaults.
#################################################################
# application image
-image: onap/multicloud/openstack-fcaps:1.5.6
+image: onap/multicloud/openstack-fcaps:1.5.7
pullPolicy: Always
#Istio sidecar injection policy
# rabbit-mq image resource
rabbitmq: rabbitmq:alpine
+# memcached image resource
+memcached: memcached:alpine3.15
+
#Pods Service Account
serviceAccount:
nameOverride: multicloud-fcaps
global:
nodePortPrefixExt: 304
persistence: {}
- artifactImage: onap/multicloud/framework-artifactbroker:1.7.2
+ artifactImage: onap/multicloud/framework-artifactbroker:1.7.3
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/multicloud/k8s:0.9.3
+image: onap/multicloud/k8s:0.10.0
pullPolicy: Always
# flag to enable debugging - application support required
loggers:
pike:
- handlers: [pike_handler]
+ handlers: [console_handler, file_handler]
level: "DEBUG"
propagate: False
newton_base:
- handlers: [pike_handler]
+ handlers: [console_handler, file_handler]
level: "DEBUG"
propagate: False
common:
- handlers: [pike_handler]
+ handlers: [console_handler, file_handler]
level: "DEBUG"
propagate: False
handlers:
- pike_handler:
+ console_handler:
+ level: "DEBUG"
+ class: "logging.StreamHandler"
+ formatter: "standard"
+ file_handler:
level: "DEBUG"
class: "logging.handlers.RotatingFileHandler"
filename: "/var/log/onap/multicloud/openstack/pike/pike.log"
{{ end }}
# side car containers
{{ include "common.log.sidecar" . | nindent 5 }}
+ - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.memcached }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: memcached
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: pike-log
# Application configuration defaults.
#################################################################
# application image
-image: onap/multicloud/openstack-pike:1.5.6
+image: onap/multicloud/openstack-pike:1.5.7
pullPolicy: Always
#Istio sidecar injection policy
memory: 2Gi
unlimited: {}
+# memcached image resource
+memcached: memcached:alpine3.15
+
#Pods Service Account
serviceAccount:
nameOverride: multicloud-pike
loggers:
starlingx_base:
- handlers: [starlingx_handler]
+ handlers: [console_handler, file_handler]
level: "DEBUG"
propagate: False
starlingx:
- handlers: [starlingx_handler]
+ handlers: [console_handler, file_handler]
level: "DEBUG"
propagate: False
newton_base:
- handlers: [starlingx_handler]
+ handlers: [console_handler, file_handler]
level: "DEBUG"
propagate: False
common:
- handlers: [starlingx_handler]
+ handlers: [console_handler, file_handler]
level: "DEBUG"
propagate: False
handlers:
- starlingx_handler:
+ console_handler:
+ level: "DEBUG"
+ class: "logging.StreamHandler"
+ formatter: "standard"
+ file_handler:
level: "DEBUG"
class: "logging.handlers.RotatingFileHandler"
filename: "/var/log/onap/multicloud/openstack/starlingx/starlingx.log"
{{ end }}
# side car containers
{{ include "common.log.sidecar" . | nindent 7 }}
+ - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.memcached }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: memcached
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.artifactImage }}
name: framework-artifactbroker
command: ["/opt/app/distribution/bin/artifact-dist.sh"]
#################################################################
global:
nodePortPrefixExt: 304
- artifactImage: onap/multicloud/framework-artifactbroker:1.7.2
+ artifactImage: onap/multicloud/framework-artifactbroker:1.7.3
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/multicloud/openstack-starlingx:1.5.6
+image: onap/multicloud/openstack-starlingx:1.5.7
pullPolicy: Always
#Istio sidecar injection policy
memory: 2Gi
unlimited: {}
+# memcached image resource
+memcached: memcached:alpine3.15
+
#Pods Service Account
serviceAccount:
nameOverride: multicloud-starlingx
loggers:
titanium_cloud:
- handlers: [titanium_cloud_handler]
+ handlers: [console_handler, file_handler]
level: "DEBUG"
propagate: False
newton_base:
- handlers: [titanium_cloud_handler]
+ handlers: [console_handler, file_handler]
level: "DEBUG"
propagate: False
common:
- handlers: [titanium_cloud_handler]
+ handlers: [console_handler, file_handler]
level: "DEBUG"
propagate: False
handlers:
- titanium_cloud_handler:
+ console_handler:
+ level: "DEBUG"
+ class: "logging.StreamHandler"
+ formatter: "standard"
+ file_handler:
level: "DEBUG"
class: "logging.handlers.RotatingFileHandler"
filename: "/var/log/onap/multicloud/openstack/windriver/titanium_cloud.log"
{{ end }}
# side car containers
{{ include "common.log.sidecar" . | nindent 7 }}
+ - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.memcached }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: memcached
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.artifactImage }}
name: framework-artifactbroker
command: ["/opt/app/distribution/bin/artifact-dist.sh"]
#################################################################
global:
nodePortPrefix: 302
- artifactImage: onap/multicloud/framework-artifactbroker:1.7.2
+ artifactImage: onap/multicloud/framework-artifactbroker:1.7.3
persistence: {}
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/multicloud/openstack-windriver:1.5.6
+image: onap/multicloud/openstack-windriver:1.5.7
pullPolicy: Always
#Istio sidecar injection policy
memory: 2Gi
unlimited: {}
+# memcached image resource
+memcached: memcached:alpine3.15
+
#Pods Service Account
serviceAccount:
nameOverride: multicloud-windriver
#################################################################
global:
nodePortPrefix: 302
- artifactImage: onap/multicloud/framework-artifactbroker:1.7.2
+ artifactImage: onap/multicloud/framework-artifactbroker:1.7.3
prometheus:
enabled: false
persistence: {}
# Application configuration defaults.
#################################################################
# application image
-image: onap/multicloud/framework:1.7.1
+image: onap/multicloud/framework:1.7.3
pullPolicy: Always
#Istio sidecar injection policy
version: ~10.x-0
repository: '@local'
condition: so.enabled
+ - name: strimzi
+ version: ~10.x-0
+ repository: '@local'
+ condition: strimzi.enabled
- name: uui
version: ~10.x-0
repository: '@local'
so-vnfm-adapter:
ingress:
enabled: true
+strimzi:
+ enabled: true
uui:
enabled: true
vfc:
policy:
enabled: true
portal:
- enabled: true
+ enabled: false
robot:
enabled: true
sdc:
enabled: true
so:
enabled: true
+strimzi:
+ enabled: true
uui:
enabled: true
vfc:
enabled: true
so:
enabled: true
+strimzi:
+ enabled: true
vid:
enabled: true
openStackKeyStoneUrl: "$OPENSTACK_KEYSTONE_URL"
openStackServiceTenantName: "$OPENSTACK_TENANT_NAME"
openStackEncryptedPasswordHere: "$OPENSTACK_ENCRYPTED_PASSWORD"
+strimzi:
+ enabled: false
uui:
enabled: false
vid:
# server:
# monitoring:
# password: demo123456!
+strimzi:
+ enabled: false
uui:
enabled: false
vfc:
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018, 2020 AT&T
# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2021, 2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
version: ~10.x-0
repository: 'file://components/policy-clamp-be'
condition: policy-clamp-be.enabled
- - name: policy-clamp-cl-k8s-ppnt
+ - name: policy-clamp-ac-k8s-ppnt
version: ~10.x-0
- repository: 'file://components/policy-clamp-cl-k8s-ppnt'
- condition: policy-clamp-cl-k8s-ppnt.enabled
- - name: policy-clamp-cl-http-ppnt
+ repository: 'file://components/policy-clamp-ac-k8s-ppnt'
+ condition: policy-clamp-ac-k8s-ppnt.enabled
+ - name: policy-clamp-ac-http-ppnt
version: ~10.x-0
- repository: 'file://components/policy-clamp-cl-http-ppnt'
- condition: policy-clamp-cl-http-ppnt.enabled
- - name: policy-clamp-cl-pf-ppnt
+ repository: 'file://components/policy-clamp-ac-http-ppnt'
+ condition: policy-clamp-ac-http-ppnt.enabled
+ - name: policy-clamp-ac-pf-ppnt
version: ~10.x-0
- repository: 'file://components/policy-clamp-cl-pf-ppnt'
- condition: policy-clamp-cl-pf-ppnt.enabled
- - name: policy-clamp-cl-runtime
+ repository: 'file://components/policy-clamp-ac-pf-ppnt'
+ condition: policy-clamp-ac-pf-ppnt.enabled
+ - name: policy-clamp-runtime-acm
version: ~10.x-0
- repository: 'file://components/policy-clamp-cl-runtime'
- condition: policy-clamp-cl-runtime.enabled
+ repository: 'file://components/policy-clamp-runtime-acm'
+ condition: policy-clamp-runtime-acm.enabled
- name: policy-gui
version: ~10.x-0
repository: 'file://components/policy-gui'
# ============LICENSE_START=======================================================
-# Copyright (C) 2021 Nordix Foundation.
-# Modifications Copyright © 2021 Nordix Foundation
+# Copyright (C) 2021-2022 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP Policy Clamp Controlloop Http Participant
-name: policy-clamp-cl-http-ppnt
+name: policy-clamp-ac-http-ppnt
version: 10.0.0
dependencies:
# ============LICENSE_START=======================================================
-# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# Copyright (C) 2021-2022 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
+spring:
+ security:
+ user:
+ name: ${RESTSERVER_USER}
+ password: ${RESTSERVER_PASSWORD}
+security:
+ enable-csrf: false
+
participant:
intermediaryParameters:
reportingTimeIntervalMs: 120000
name: HttpParticipant0
version: 1.0.0
participantType:
- name: org.onap.k8s.controlloop.HttpControlLoopParticipant
+ name: org.onap.policy.clamp.acm.HttpParticipant
version: 2.3.4
- clampControlLoopTopics:
+ clampAutomationCompositionTopics:
topicSources:
- - topic: POLICY-CLRUNTIME-PARTICIPANT
+ - topic: POLICY-ACRUNTIME-PARTICIPANT
servers:
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
fetchTimeout: 15000
useHttps: true
topicSinks:
- - topic: POLICY-CLRUNTIME-PARTICIPANT
+ - topic: POLICY-ACRUNTIME-PARTICIPANT
servers:
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
useHttps: true
+
+management:
+ endpoints:
+ web:
+ exposure:
+ include: health, metrics, prometheus
+server:
+ port: 8084
+ servlet:
+ context-path: /onap/httpparticipant
{{/*
# ============LICENSE_START=======================================================
-# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# Copyright (C) 2021-2022 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
args:
- -c
- "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: RESTSERVER_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
+ - name: RESTSERVER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
volumeMounts:
- mountPath: /config-input
- name: cl-http-ppnt-config
+ name: ac-http-ppnt-config
- mountPath: /config
- name: cl-http-ppnt-config-processed
+ name: ac-http-ppnt-config-processed
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
- name: TRUSTSTORE_PASSWD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
{{- end }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /opt/app/policy/clamp/etc/mounted
- name: cl-http-ppnt-config-processed
+ name: ac-http-ppnt-config-processed
resources:
{{ include "common.resources" . }}
{{- if .Values.nodeSelector }}
- name: localtime
hostPath:
path: /etc/localtime
- - name: cl-http-ppnt-config
+ - name: ac-http-ppnt-config
configMap:
name: {{ include "common.fullname" . }}-configmap
defaultMode: 0755
- - name: cl-http-ppnt-config-processed
+ - name: ac-http-ppnt-config-processed
emptyDir:
medium: Memory
imagePullSecrets:
-{{/*
-# ============LICENSE_START=======================================================
-# Copyright (C) 2021 Nordix Foundation. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-*/}}
-
-{{ include "common.service" . }}
+{{/*\r
+# ============LICENSE_START=======================================================\r
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.\r
+# ================================================================================\r
+# Licensed under the Apache License, Version 2.0 (the "License");\r
+# you may not use this file except in compliance with the License.\r
+# You may obtain a copy of the License at\r
+#\r
+# http://www.apache.org/licenses/LICENSE-2.0\r
+#\r
+# Unless required by applicable law or agreed to in writing, software\r
+# distributed under the License is distributed on an "AS IS" BASIS,\r
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+# See the License for the specific language governing permissions and\r
+# limitations under the License.\r
+#\r
+# SPDX-License-Identifier: Apache-2.0\r
+# ============LICENSE_END=========================================================\r
+*/}}\r
+\r
+{{ include "common.service" . }}\r
# ============LICENSE_START=======================================================
-# Copyright (C) 2021 Nordix Foundation.
+# Copyright (C) 2021-2022 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Secrets metaconfig
#################################################################
secrets:
+ - uid: restserver-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
+ login: '{{ .Values.restServer.user }}'
+ password: '{{ .Values.restServer.password }}'
+ passwordPolicy: required
- uid: keystore-password
type: password
externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
trustStorePassword: Pol1cy_0nap
certInitializer:
- nameOverride: policy-clamp-cl-http-ppnt-cert-initializer
+ nameOverride: policy-clamp-ac-http-ppnt-cert-initializer
aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
fqdn: policy
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-cl-http-ppnt:6.2.0
+image: onap/policy-clamp-ac-http-ppnt:6.2.1
pullPolicy: Always
+# application configuration
+restServer:
+ user: participantUser
+ password: zb!XztG34
+
# flag to enable debugging - application support required
debugEnabled: false
ingress:
enabled: false
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ port: http-api
+
+readiness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ port: http-api
+
+service:
+ type: ClusterIP
+ name: policy-clamp-ac-http-ppnt
+ useNodePortExt: true
+ ports:
+ - name: http-api
+ port: 8084
+ nodePort: 42
+
+
flavor: small
resources:
small:
unlimited: {}
#Pods Service Account
serviceAccount:
- nameOverride: policy-clamp-cl-http-ppnt
+ nameOverride: policy-clamp-ac-http-ppnt
roles:
- read
# ============LICENSE_START=======================================================
# Copyright (C) 2021 Nordix Foundation. All rights reserved.
# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2021-2022 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP Policy Clamp Controlloop K8s Participant
-name: policy-clamp-cl-k8s-ppnt
+name: policy-clamp-ac-k8s-ppnt
version: 10.0.0
dependencies:
name: K8sParticipant0
version: 1.0.0
participantType:
- name: org.onap.k8s.controlloop.K8SControlLoopParticipant
+ name: org.onap.policy.clamp.acm.KubernetesParticipant
version: 2.3.4
- clampControlLoopTopics:
+ clampAutomationCompositionTopics:
topicSources:
-
- topic: POLICY-CLRUNTIME-PARTICIPANT
+ topic: POLICY-ACRUNTIME-PARTICIPANT
servers:
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
useHttps: true
topicSinks:
-
- topic: POLICY-CLRUNTIME-PARTICIPANT
+ topic: POLICY-ACRUNTIME-PARTICIPANT
servers:
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
useHttps: true
+management:
+ endpoints:
+ web:
+ exposure:
+ include: health, metrics, prometheus
+
server:
# Configuration of the HTTP/REST server. The parameters are defined and handled by the springboot framework.
# See springboot documentation.
repos:
-
repoName: bitnami
- address: https://charts.bitnami.com/bitnami
\ No newline at end of file
+ address: https://charts.bitnami.com/bitnami
{{/*
# ============LICENSE_START=======================================================
-# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# Copyright (C) 2021-2022 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
volumeMounts:
- mountPath: /config-input
- name: cl-k8s-ppnt-config
+ name: ac-k8s-ppnt-config
- mountPath: /config
- name: cl-k8s-ppnt-config-processed
+ name: ac-k8s-ppnt-config-processed
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
name: localtime
readOnly: true
- mountPath: /opt/app/policy/clamp/etc/mounted
- name: cl-k8s-ppnt-config-processed
+ name: ac-k8s-ppnt-config-processed
resources:
{{ include "common.resources" . }}
{{- if .Values.nodeSelector }}
- name: localtime
hostPath:
path: /etc/localtime
- - name: cl-k8s-ppnt-config
+ - name: ac-k8s-ppnt-config
configMap:
name: {{ include "common.fullname" . }}-configmap
defaultMode: 0755
- - name: cl-k8s-ppnt-config-processed
+ - name: ac-k8s-ppnt-config-processed
emptyDir:
medium: Memory
imagePullSecrets:
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021-2022 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: policy-clamp-cl-k8s-ppnt
+ namespace: {{ include "common.namespace" . }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "common.namespace" . }}-policy-clamp-cl-k8s-ppnt-binding
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+ - kind: ServiceAccount
+ name: policy-clamp-cl-k8s-ppnt
+ namespace: {{ include "common.namespace" . }}
+
# ============LICENSE_START=======================================================
-# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# Copyright (C) 2021-2022 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
trustStorePassword: Pol1cy_0nap
certInitializer:
- nameOverride: policy-clamp-cl-k8s-ppnt-cert-initializer
+ nameOverride: policy-clamp-ac-k8s-ppnt-cert-initializer
aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
fqdn: policy
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-cl-k8s-ppnt:6.2.0
+image: onap/policy-clamp-ac-k8s-ppnt:6.2.1
pullPolicy: Always
# flag to enable debugging - application support required
service:
type: ClusterIP
- name: policy-clamp-cl-k8s-ppnt
+ name: policy-clamp-ac-k8s-ppnt
useNodePortExt: true
ports:
- name: http-api
#Pods Service Account
serviceAccount:
- nameOverride: policy-clamp-cl-k8s-ppnt
+ nameOverride: policy-clamp-ac-k8s-ppnt
roles:
- create
# ============LICENSE_START=======================================================
-# Copyright (C) 2021 Nordix Foundation. All rights reserved.
-# Modifications Copyright © 2021 Nordix Foundation
+# Copyright (C) 2021-2022 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP Policy Clamp Controlloop Policy Participant
-name: policy-clamp-cl-pf-ppnt
+name: policy-clamp-ac-pf-ppnt
version: 10.0.0
dependencies:
# ============LICENSE_START=======================================================
-# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# Copyright (C) 2021-2022 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
+spring:
+ security:
+ user:
+ name: ${RESTSERVER_USER}
+ password: ${RESTSERVER_PASSWORD}
+security:
+ enable-csrf: false
+
participant:
pdpGroup: defaultGroup
pdpType: apex
name: org.onap.PM_Policy
version: 1.0.0
participantType:
- name: org.onap.policy.controlloop.PolicyControlLoopParticipant
+ name: org.onap.policy.clamp.acm.PolicyParticipant
version: 2.3.1
- clampControlLoopTopics:
+ clampAutomationCompositionTopics:
topicSources:
-
- topic: POLICY-CLRUNTIME-PARTICIPANT
+ topic: POLICY-ACRUNTIME-PARTICIPANT
servers:
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
useHttps: true
topicSinks:
-
- topic: POLICY-CLRUNTIME-PARTICIPANT
+ topic: POLICY-ACRUNTIME-PARTICIPANT
servers:
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
useHttps: true
+
+management:
+ endpoints:
+ web:
+ exposure:
+ include: health, metrics, prometheus
+
+server:
+ port: 8085
+ servlet:
+ context-path: /onap/policyparticipant
{{/*
# ============LICENSE_START=======================================================
-# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# Copyright (C) 2021-2022 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-secret" "key" "login") | indent 10 }}
- name: PAP_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-secret" "key" "password") | indent 10 }}
+ - name: RESTSERVER_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
+ - name: RESTSERVER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
volumeMounts:
- mountPath: /config-input
- name: cl-pf-ppnt-config
+ name: ac-pf-ppnt-config
- mountPath: /config
- name: cl-pf-ppnt-config-processed
+ name: ac-pf-ppnt-config-processed
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
- name: TRUSTSTORE_PASSWD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
{{- end }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /opt/app/policy/clamp/etc/mounted
- name: cl-pf-ppnt-config-processed
+ name: ac-pf-ppnt-config-processed
resources:
{{ include "common.resources" . }}
{{- if .Values.nodeSelector }}
- name: localtime
hostPath:
path: /etc/localtime
- - name: cl-pf-ppnt-config
+ - name: ac-pf-ppnt-config
configMap:
name: {{ include "common.fullname" . }}-configmap
defaultMode: 0755
- - name: cl-pf-ppnt-config-processed
+ - name: ac-pf-ppnt-config-processed
emptyDir:
medium: Memory
imagePullSecrets:
--- /dev/null
+{{/*\r
+# ============LICENSE_START=======================================================\r
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.\r
+# ================================================================================\r
+# Licensed under the Apache License, Version 2.0 (the "License");\r
+# you may not use this file except in compliance with the License.\r
+# You may obtain a copy of the License at\r
+#\r
+# http://www.apache.org/licenses/LICENSE-2.0\r
+#\r
+# Unless required by applicable law or agreed to in writing, software\r
+# distributed under the License is distributed on an "AS IS" BASIS,\r
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+# See the License for the specific language governing permissions and\r
+# limitations under the License.\r
+#\r
+# SPDX-License-Identifier: Apache-2.0\r
+# ============LICENSE_END=========================================================\r
+*/}}\r
+\r
+{{ include "common.service" . }}\r
# ============LICENSE_START=======================================================
-# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# Copyright (C) 2021-2022 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Secrets metaconfig
#################################################################
secrets:
+ - uid: restserver-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
+ login: '{{ .Values.restServer.participantppnt.user }}'
+ password: '{{ .Values.restServer.participantppnt.password }}'
+ passwordPolicy: required
- uid: api-secret
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.restServer.apiUserExternalSecret) . }}'
trustStorePassword: Pol1cy_0nap
certInitializer:
- nameOverride: policy-clamp-cl-pf-ppnt-cert-initializer
+ nameOverride: policy-clamp-ac-pf-ppnt-cert-initializer
aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
fqdn: policy
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-cl-pf-ppnt:6.2.0
+image: onap/policy-clamp-ac-pf-ppnt:6.2.1
pullPolicy: Always
# flag to enable debugging - application support required
pap:
user: policyadmin
password: none
+ participantppnt:
+ user: participantUser
+ password: none
nodeSelector: {}
ingress:
enabled: false
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ port: http-api
+
+readiness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ port: http-api
+
+service:
+ type: ClusterIP
+ name: policy-clamp-ac-pf-ppnt
+ useNodePortExt: true
+ ports:
+ - name: http-api
+ port: 8085
+ nodePort: 42
+
flavor: small
resources:
small:
unlimited: {}
#Pods Service Account
serviceAccount:
- nameOverride: policy-clamp-cl-pf-ppnt
+ nameOverride: policy-clamp-ac-pf-ppnt
roles:
- read
# reserved.
# ================================================================================
# Modifications copyright (c) 2019 Nokia
+# Modifications Copyright (c) 2022 Nordix Foundation
# ================================================================================\
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
clamp.config.cadi.aafLocateUrl=https://aaf-locate.{{ include "common.namespace" . }}:8095
# Configuration settings for ControlLoop Runtime Rest API
-clamp.config.controlloop.runtime.url=https://policy-clamp-cl-runtime.{{ include "common.namespace" . }}:6969
-clamp.config.controlloop.runtime.userName=${RUNTIME_USER}
-clamp.config.controlloop.runtime.password=${RUNTIME_PASSWORD}
-
+clamp.config.acm.runtime.url=https://policy-clamp-runtime-acm.{{ include "common.namespace" . }}:6969
+clamp.config.acm.runtime.userName=${RUNTIME_USER}
+clamp.config.acm.runtime.password=${RUNTIME_PASSWORD}
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018-2021 AT&T
+# Modifications Copyright © 2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
flavor: small
# application image
-image: onap/policy-clamp-backend:6.2.0
+image: onap/policy-clamp-backend:6.2.1
pullPolicy: Always
# flag to enable debugging - application support required
# ============LICENSE_START=======================================================
# Copyright (C) 2021 Nordix Foundation. All rights reserved.
# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2021-2022 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP Policy Clamp Controlloop Runtime
-name: policy-clamp-cl-runtime
+name: policy-clamp-runtime-acm
version: 10.0.0
dependencies:
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2022 Nordix Foundation. All rights reserved.
+# Copyright (C) 2021-2022 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
converters:
preferred-json-mapper: gson
datasource:
- url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/controlloop
+ url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/clampacm
driverClassName: org.mariadb.jdbc.Driver
username: ${SQL_USER}
password: ${SQL_PASSWORD}
idleTimeout: 600000
maxLifetime: 1800000
maximumPoolSize: 10
+ jpa:
+ hibernate:
+ ddl-auto: update
+ naming:
+ physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
+ implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy
+ properties:
+ hibernate:
+ dialect: org.hibernate.dialect.MariaDB103Dialect
+ format_sql: true
security:
enable-csrf: false
server:
port: 6969
servlet:
- context-path: /onap/controlloop
+ context-path: /onap/policy/clamp/acm
error:
path: /error
runtime:
- supervisionScannerIntervalSec: 1000
- participantClUpdateIntervalSec: 1000
- participantClStateChangeIntervalSec: 1000
participantParameters:
heartBeatMs: 120000
maxMessageAgeMs: 600000
updateParameters:
maxRetryCount: 3
maxWaitMs: 100000
- databasePlatform: org.eclipse.persistence.platform.database.MySQLPlatform
- databaseProviderParameters:
- name: PolicyProviderParameterGroup
- implementation: org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl
- databaseDriver: org.mariadb.jdbc.Driver
- databaseUrl: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/controlloop
- databaseUser: ${SQL_USER}
- databasePassword: ${SQL_PASSWORD}
- persistenceUnit: CommissioningMariaDb
topicParameterGroup:
topicSources:
-
- topic: POLICY-CLRUNTIME-PARTICIPANT
+ topic: POLICY-ACRUNTIME-PARTICIPANT
servers:
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
fetchTimeout: 15000
topicSinks:
-
- topic: POLICY-CLRUNTIME-PARTICIPANT
+ topic: POLICY-ACRUNTIME-PARTICIPANT
servers:
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
<!--
============LICENSE_START=======================================================
- Copyright (C) 2021 Nordix Foundation. All rights reserved.
+ Copyright (C) 2021-2022 Nordix Foundation.
================================================================================
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
<appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>/var/log/onap/policy/pap/error.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/policy-clamp-cl-runtime/error.%d{yyyy-MM-dd}.%i.log.zip
+ <fileNamePattern>/var/log/onap/policy/policy-clamp-runtime-acm/error.%d{yyyy-MM-dd}.%i.log.zip
</fileNamePattern>
<maxFileSize>50MB</maxFileSize>
<maxHistory>30</maxHistory>
<appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>/var/log/onap/policy/pap/debug.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/policy-clamp-cl-runtime/debug.%d{yyyy-MM-dd}.%i.log.zip
+ <fileNamePattern>/var/log/onap/policy/policy-clamp-runtime-acm/debug.%d{yyyy-MM-dd}.%i.log.zip
</fileNamePattern>
<maxFileSize>50MB</maxFileSize>
<maxHistory>30</maxHistory>
</appender>
<appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/policy-clamp-cl-runtime/network.log</file>
+ <file>/var/log/onap/policy/policy-clamp-runtime-acm/network.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/policy-clamp-cl-runtime/network.%d{yyyy-MM-dd}.%i.log.zip
+ <fileNamePattern>/var/log/onap/policy/policy-clamp-runtime-acm/network.%d{yyyy-MM-dd}.%i.log.zip
</fileNamePattern>
<maxFileSize>50MB</maxFileSize>
<maxHistory>30</maxHistory>
{{/*
# ============LICENSE_START=======================================================
-# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# Copyright (C) 2021-2022 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "password") | indent 10 }}
volumeMounts:
- mountPath: /config-input
- name: cl-runtime-config
+ name: ac-runtime-config
- mountPath: /config
- name: cl-runtime-config-processed
+ name: ac-runtime-config-processed
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
{{- if .Values.global.aafEnabled }}
command: ["sh","-c"]
args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
- /opt/app/policy/clamp/bin/controlloop-runtime.sh /opt/app/policy/clamp/etc/mounted/clRuntimeParameters.yaml"]
+ /opt/app/policy/clamp/bin/acm-runtime.sh /opt/app/policy/clamp/etc/mounted/acRuntimeParameters.yaml"]
{{- else }}
- command: ["/opt/app/policy/clamp/bin/controlloop-runtime.sh"]
- args: ["/opt/app/policy/clamp/etc/mounted/clRuntimeParameters.yaml"]
+ command: ["/opt/app/policy/clamp/bin/acm-runtime.sh"]
+ args: ["/opt/app/policy/clamp/etc/mounted/acRuntimeParameters.yaml"]
env:
- name: KEYSTORE_PASSWD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
name: localtime
readOnly: true
- mountPath: /opt/app/policy/clamp/etc/mounted
- name: cl-runtime-config-processed
+ name: ac-runtime-config-processed
resources:
{{ include "common.resources" . }}
{{- if .Values.nodeSelector }}
- name: localtime
hostPath:
path: /etc/localtime
- - name: cl-runtime-config
+ - name: ac-runtime-config
configMap:
name: {{ include "common.fullname" . }}-configmap
defaultMode: 0755
- - name: cl-runtime-config-processed
+ - name: ac-runtime-config-processed
emptyDir:
medium: Memory
imagePullSecrets:
# ============LICENSE_START=======================================================
-# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# Copyright (C) 2021-2022 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
trustStorePassword: Pol1cy_0nap
certInitializer:
- nameOverride: policy-clamp-cl-runtime-cert-initializer
+ nameOverride: policy-clamp-runtime-acm-cert-initializer
aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
fqdn: policy
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-cl-runtime:6.2.0
+image: onap/policy-clamp-runtime-acm:6.2.1
pullPolicy: Always
# flag to enable debugging - application support required
service:
type: ClusterIP
- name: policy-clamp-cl-runtime
+ name: policy-clamp-runtime-acm
useNodePortExt: true
ports:
- name: http-api
#Pods Service Account
serviceAccount:
- nameOverride: policy-clamp-cl-runtime
+ nameOverride: policy-clamp-runtime-acm
roles:
- read
mysql() { /usr/bin/mysql -h ${MYSQL_HOST} -P ${MYSQL_USER} "$@"; };
-for db in migration pooling policyadmin policyclamp operationshistory controlloop
+for db in migration pooling policyadmin policyclamp operationshistory clampacm
do
mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};"
mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;"
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018-2020 AT&T Intellectual Property
-# Modifications Copyright (C) 2021 Nordix Foundation.
+# Modifications Copyright (C) 2021-2022 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
db: *dbSecretsHook
config:
appUserExternalSecret: *policyAppCredsSecret
-policy-clamp-cl-k8s-ppnt:
+policy-clamp-ac-k8s-ppnt:
enabled: true
-policy-clamp-cl-pf-ppnt:
+policy-clamp-ac-pf-ppnt:
enabled: true
restServer:
apiUserExternalSecret: *policyApiCredsSecret
papUserExternalSecret: *policyPapCredsSecret
-policy-clamp-cl-http-ppnt:
+policy-clamp-ac-http-ppnt:
enabled: true
policy-nexus:
enabled: false
-policy-clamp-cl-runtime:
+policy-clamp-runtime-acm:
enabled: true
db: *dbSecretsHook
config:
- name: repositoryGenerator
version: ~10.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~10.x-0
+ repository: '@local'
./registry-initialize.sh -h dcaegen2-services-common -n $NAMESPACE -r $HELM_RELEASE
./registry-initialize.sh -h postgres -n $NAMESPACE -r $HELM_RELEASE
./registry-initialize.sh -h serviceAccount -n $NAMESPACE -r $HELM_RELEASE
+ ./registry-initialize.sh -h mongo -n $NAMESPACE -r $HELM_RELEASE
+ ./registry-initialize.sh -h common -n $NAMESPACE -r $HELM_RELEASE
fi
cd $CURRENT_DIR
fi
service:
name: robot
- type: NodePort
+ type: ClusterIP
portName: httpd
externalPort: 443
internalPort: 443
size: 2Gi
mountPath: /dockerdata-nfs
mountSubPath: robot/logs
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: robot
+ roles:
+ - read
\ No newline at end of file
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/bpmn-infra:1.9.2
+image: onap/so/bpmn-infra:1.10.0
pullPolicy: Always
bpmn:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/catalog-db-adapter:1.9.2
+image: onap/so/catalog-db-adapter:1.10.0
pullPolicy: Always
db:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/so-cnf-adapter:1.9.2
+image: onap/so/so-cnf-adapter:1.10.0
pullPolicy: Always
readinessCheck:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/openstack-adapter:1.9.2
+image: onap/so/openstack-adapter:1.10.0
pullPolicy: Always
db:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/request-db-adapter:1.9.2
+image: onap/so/request-db-adapter:1.10.0
pullPolicy: Always
db:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/sdc-controller:1.9.2
+image: onap/so/sdc-controller:1.10.0
pullPolicy: Always
db:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/sdnc-adapter:1.9.2
+image: onap/so/sdnc-adapter:1.10.0
pullPolicy: Always
org:
userName: so_user
adminName: so_admin
-image: onap/so/api-handler-infra:1.9.2
+image: onap/so/api-handler-infra:1.10.0
server:
aaf:
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+Chart.lock
--- /dev/null
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v2
+description: ONAP Strimzi kafka
+name: strimzi
+version: 10.0.0
+
+dependencies:
+ - name: common
+ version: ~10.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~10.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~10.x-0
+ repository: '@local'
+
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */Chart.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.replicaPV" (dict "dot" . "suffix" "kafka" "persistenceInfos" .Values.persistenceKafka) }}
--- /dev/null
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.replicaPV" (dict "dot" . "suffix" "zk" "persistenceInfos" .Values.persistenceZk) }}
--- /dev/null
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: Kafka
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ kafka:
+ version: {{ .Values.version }}
+ replicas: {{ .Values.replicaCount }}
+ listeners:
+ - name: plain
+ port: {{ .Values.kafkaInternalPort }}
+ type: internal
+ tls: false
+ authentication:
+ type: {{ .Values.saslMechanism }}
+ - name: tls
+ port: 9093
+ type: internal
+ tls: true
+ authentication:
+ type: tls
+ - name: external
+ port: 9094
+ type: nodeport
+ tls: true
+ authentication:
+ type: tls
+ configuration:
+ bootstrap:
+ nodePort: {{ .Values.global.nodePortPrefixExt }}91
+ brokers:
+ - broker: 0
+ nodePort: {{ .Values.global.nodePortPrefixExt }}92
+ - broker: 1
+ nodePort: {{ .Values.global.nodePortPrefixExt }}93
+ authorization:
+ type: simple
+ superUsers:
+ - {{ include "common.release" . }}-{{ .Values.kafkaStrimziAdminUser }}
+ template:
+ pod:
+ securityContext:
+ runAsUser: 0
+ fsGroup: 0
+ config:
+ offsets.topic.replication.factor: {{ .Values.replicaCount }}
+ transaction.state.log.replication.factor: {{ .Values.replicaCount }}
+ transaction.state.log.min.isr: 2
+ log.message.format.version: "3.0"
+ inter.broker.protocol.version: "3.0"
+ storage:
+ type: jbod
+ class: {{ include "common.storageClass" (dict "dot" . "suffix" "kafka" "persistenceInfos" .Values.persistenceKafka) }}
+ volumes:
+ - id: 0
+ type: persistent-claim
+ size: {{ .Values.persistenceKafka.size }}
+ deleteClaim: true
+ class: {{ include "common.storageClass" (dict "dot" . "suffix" "kafka" "persistenceInfos" .Values.persistenceKafka) }}
+ zookeeper:
+ template:
+ pod:
+ securityContext:
+ runAsUser: 0
+ fsGroup: 0
+ replicas: {{ .Values.replicaCount }}
+ config:
+ ssl.hostnameVerification: false
+ storage:
+ type: persistent-claim
+ size: {{ .Values.persistenceZk.size }}
+ deleteClaim: true
+ class: {{ include "common.storageClass" (dict "dot" . "suffix" "zk" "persistenceInfos" .Values.persistenceZk) }}
+ entityOperator:
+ topicOperator: {}
+ userOperator: {}
+
--- /dev/null
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefixExt: 304
+ persistence:
+ mountPath: /dockerdata-nfs
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+replicaCount: 2
+kafkaInternalPort: 9092
+saslMechanism: scram-sha-512
+version: 3.0.0
+kafkaStrimziAdminUser: strimzi-kafka-admin
+persistence: {}
+
+persistenceKafka:
+ enabled: true
+ size: 2Gi
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ mountPath: /dockerdata-nfs
+ mountSubPath: strimzi-kafka/kafka
+persistenceZk:
+ enabled: true
+ size: 2Gi
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ mountPath: /dockerdata-nfs
+ mountSubPath: strimzi-kafka/zk
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: strimzi-kafka
+ roles:
+ - read
Code Review / oom.git / commitdiff