-#!/bin/bash
+#!/bin/sh
usage () {
echo "Usage:"
#Update the /etc/exports
NFS_EXP=""
for i in $@; do
- NFS_EXP+="$i(rw,sync,no_root_squash,no_subtree_check) "
+ NFS_EXP="${NFS_EXP}$i(rw,sync,no_root_squash,no_subtree_check) "
done
echo "/dockerdata-nfs "$NFS_EXP | sudo tee -a /etc/exports
-#!/bin/bash
+#!/bin/sh
DOCKER_VERSION=18.09.5
systemctl restart docker
apt-mark hold docker-ce
-IP_ADDR=`ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}'`
-HOSTNAME=`hostname`
+IP_ADDR=$(ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}')
+HOST_NAME=$(hostname)
-echo "$IP_ADDR $HOSTNAME" >> /etc/hosts
+echo "$IP_ADDR $HOST_NAME" >> /etc/hosts
docker login -u docker -p docker nexus3.onap.org:10001
-#!/bin/bash
+#!/bin/sh
DOCKER_VERSION=18.09.5
systemctl restart docker
apt-mark hold docker-ce
-IP_ADDR=`ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}'`
-HOSTNAME=`hostname`
+IP_ADDR=$(ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}')
+HOST_NAME=$(hostname)
-echo "$IP_ADDR $HOSTNAME" >> /etc/hosts
+echo "$IP_ADDR $HOST_NAME" >> /etc/hosts
docker login -u docker -p docker nexus3.onap.org:10001
-#!/bin/bash
+#!/bin/sh
apt-get update
-IP_ADDR=`ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}'`
-HOSTNAME=`hostname`
+IP_ADDR=$(ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}')
+HOST_NAME=$(hostname)
-echo "$IP_ADDR $HOSTNAME" >> /etc/hosts
+echo "$IP_ADDR $HOST_NAME" >> /etc/hosts
sudo apt-get install make -y
################################################################################
*/}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if not .Values.persistence.storageClass -}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-data
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.persistence.size}}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" . }}-data"
- hostPath:
- path: {{ .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}/app
-{{- end -}}
-{{- end -}}
+
+{{ include "common.replicaPV" . }}
+++ /dev/null
-{{/*
-################################################################################
-# Copyright (c) 2021 Nordix Foundation. #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); #
-# you may not use this file except in compliance with the License. #
-# You may obtain a copy of the License at #
-# #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, #
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-################################################################################
-*/}}
-
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- {{- if .Values.persistence.annotations }}
- annotations:
-{{ .Values.persistence.annotations | indent 4 }}
- {{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
- storageClassName: {{ include "common.fullname" . }}-data
-{{- end -}}
################################################################################
*/}}
-kind: Deployment
+kind: StatefulSet
apiVersion: apps/v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
+ serviceName: {{ include "common.servicename" . }}
replicas: {{ index .Values.replicaCount }}
selector: {{- include "common.selectors" . | nindent 4 }}
template:
subPath: application_configuration.json
- name: config
mountPath: /opt/app/policy-agent/config/application.yaml
- subPath: application.yaml
- - name: vardata
+ subPath: application.yaml
+ - name: {{ include "common.fullname" . }}
mountPath: "/var/policy-management-service/database"
resources: {{ include "common.resources" . | nindent 10 }}
volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: config
emptyDir:
medium: Memory
- - name: vardata
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}
+{{- if not .Values.persistence.enabled }}
+ - name: {{ include "common.fullname" . }}
+ emptyDir: {}
+{{- else }}
+ volumeClaimTemplates:
+ - {{include "common.PVCTemplate" . | indent 6 | trim }}
+{{- end }}
global:
nodePortPrefix: 302
-
+ persistence: {}
+
secrets:
- uid: controller-secret
type: basicAuth
- name: LOCAL_GROUP_ID
value: {{ .Values.global.config.groupId | quote }}
- name: POST_JAVA_OPTS
- value: '-Djavax.net.ssl.trustStore=/opt/app/aai-resources/resources/aaf/truststoreONAPall.jks -Djavax.net.ssl.trustStorePassword={{ .Values.certInitializer.truststorePassword }}'
+ value: '-Djavax.net.ssl.trustStore={{ .Values.certInitializer.credsPath }}/truststoreONAPall.jks -Djavax.net.ssl.trustStorePassword={{ .Values.certInitializer.truststorePassword }}'
- name: TRUSTORE_ALL_PASSWORD
value: {{ .Values.certInitializer.truststorePassword }}
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
show databases like 'sdnctl';
END
)
- if [ "x${sdnc_db_exists}" = "x" ]
+ if [ "${sdnc_db_exists}" = "" ]
then
echo "Installing SDNC database"
${SDNC_HOME}/bin/installSdncDb.sh
show databases like 'appcctl';
END
)
- if [ "x${appc_db_exists}" = "x" ]
+ if [ "${appc_db_exists}" = "" ]
then
echo "Installing APPC database"
${APPC_HOME}/bin/installAppcDb.sh
dbServiceName: *appc-db
service:
name: appc-dgbuilder
-
+ serviceAccount:
+ nameOverride: appc-dgbuilder
ingress:
enabled: false
service:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
cpu: 2
memory: 4Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: cds-blueprints-processor
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
cpu: 2
memory: 4Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: cds-command-executor
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
affinity:
{{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
cpu: 2
memory: 4Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: cds-py-executor
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-config
configMap:
cpu: 2
memory: 4Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: cds-sdc-listener
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
cpu: 200m
memory: 200Mi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: cds-ui
+ roles:
+ - read
#!/bin/bash
+
set -e
# first arg is `-f` or `--some-option`
if [ "$1" = 'cassandra' -a "$(id -u)" = '0' ]; then
find /var/lib/cassandra /var/log/cassandra "$CASSANDRA_CONFIG" \
\! -user cassandra -exec chown cassandra '{}' +
- exec gosu cassandra "$BASH_SOURCE" "$@"
+ exec gosu cassandra "$0" "$@"
fi
_ip_address() {
authenticator \
; do
var="CASSANDRA_${yaml^^}"
- val="${!var}"
+ # eval presents no security issue here because of limited possible values of var
+ eval val=\$$var
if [ "$val" ]; then
_sed-in-place "$CASSANDRA_CONFIG/cassandra.yaml" \
-r 's/^(# )?('"$yaml"':).*/\2 '"$val"'/'
for rackdc in dc rack; do
var="CASSANDRA_${rackdc^^}"
- val="${!var}"
+ # eval presents no security issue here because of limited possible values of var
+ eval val=\$$var
if [ "$val" ]; then
_sed-in-place "$CASSANDRA_CONFIG/cassandra-rackdc.properties" \
-r 's/^('"$rackdc"'=).*/\1 '"$val"'/'
+++ /dev/null
-{{/*
-# Copyright © 2021 Nokia
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{/*
-In order to use certServiceClient it is needed do define certificates array in target component values.yaml. Each
-certificate will be requested from separate init container
-
-Minimum example of array in target component values.yaml:
-certificates:
- - mountPath: /var/custom-certs
- commonName: common-name
-
-Full example (other fields are ignored):
-certificates:
- - mountPath: /var/custom-certs
- caName: RA
- keystore:
- outputType:
- - jks
- commonName: common-name
- dnsNames:
- - dns-name-1
- - dns-name-2
- ipAddresses:
- - 192.168.0.1
- - 192.168.0.2
- emailAddresses:
- - email-1@onap.org
- - email-2@onap.org
- uris:
- - http://uri-1.onap.org
- - http://uri-2.onap.org
- subject:
- organization: Linux-Foundation
- country: US
- locality: San Francisco
- province: California
- organizationalUnit: ONAP
-
-There also need to be some includes used in a target component deployment (indent values may need to be adjusted):
- 1. In initContainers section:
- {{ include "common.certServiceClient.initContainer" . | indent 6 }}
- 2. In volumeMounts section of container using certificates:
- {{ include "common.certServiceClient.volumeMounts" . | indent 10 }}
- 3. In volumes section:
- {{ include "common.certServiceClient.volumes" . | indent 8 }}
-
-*/}}
-
-{{- define "common.certServiceClient.initContainer" -}}
-{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.cmpv2Certificate.cmpv2Config .initRoot -}}
-{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
-{{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}}
-{{- range $index, $certificate := $dot.Values.certificates -}}
-{{/*# General certifiacate attributes #*/}}
-{{- $commonName := (required "'commonName' for Certificate is required." $certificate.commonName) -}}
-{{/*# SAN's #*/}}
-{{- $dnsNames := default (list) $certificate.dnsNames -}}
-{{- $ipAddresses := default (list) $certificate.ipAddresses -}}
-{{- $uris := default (list) $certificate.uris -}}
-{{- $emailAddresses := default (list) $certificate.emailAddresses -}}
-{{- $sansList := concat $dnsNames $ipAddresses $uris $emailAddresses -}}
-{{- $sans := join "," $sansList }}
-{{/*# Subject #*/}}
-{{- $organization := $subchartGlobal.certificate.default.subject.organization -}}
-{{- $country := $subchartGlobal.certificate.default.subject.country -}}
-{{- $locality := $subchartGlobal.certificate.default.subject.locality -}}
-{{- $province := $subchartGlobal.certificate.default.subject.province -}}
-{{- $orgUnit := $subchartGlobal.certificate.default.subject.organizationalUnit -}}
-{{- if $certificate.subject -}}
-{{- $organization := $certificate.subject.organization -}}
-{{- $country := $certificate.subject.country -}}
-{{- $locality := $certificate.subject.locality -}}
-{{- $province := $certificate.subject.province -}}
-{{- $orgUnit := $certificate.subject.organizationalUnit -}}
-{{- end -}}
-{{- $caName := default $subchartGlobal.platform.certServiceClient.envVariables.caName $certificate.caName -}}
-{{- $outputType := $subchartGlobal.platform.certServiceClient.envVariables.outputType -}}
-{{- if $certificate.keystore -}}
-{{- $outputTypeList := (required "'outputType' in 'keystore' section is required." $certificate.keystore.outputType) -}}
-{{- $outputType = mustFirst ($outputTypeList) | upper -}}
-{{- end -}}
-{{- $requestUrl := $subchartGlobal.platform.certServiceClient.envVariables.requestURL -}}
-{{- $certPath := $subchartGlobal.platform.certServiceClient.envVariables.certPath -}}
-{{- $requestTimeout := $subchartGlobal.platform.certServiceClient.envVariables.requestTimeout -}}
-{{- $certificatesSecret:= $subchartGlobal.platform.certServiceClient.clientSecretName -}}
-{{- $certificatesSecretMountPath := $subchartGlobal.platform.certServiceClient.certificatesSecretMountPath -}}
-{{- $keystorePath := (printf "%s%s" $subchartGlobal.platform.certServiceClient.certificatesSecretMountPath $subchartGlobal.platform.certificates.keystoreKeyRef ) -}}
-{{- $keystorePasswordSecret := $subchartGlobal.platform.certificates.keystorePasswordSecretName -}}
-{{- $keystorePasswordSecretKey := $subchartGlobal.platform.certificates.keystorePasswordSecretKey -}}
-{{- $truststorePath := (printf "%s%s" $subchartGlobal.platform.certServiceClient.certificatesSecretMountPath $subchartGlobal.platform.certificates.truststoreKeyRef ) -}}
-{{- $truststorePasswordSecret := $subchartGlobal.platform.certificates.truststorePasswordSecretName -}}
-{{- $truststorePasswordSecretKey := $subchartGlobal.platform.certificates.truststorePasswordSecretKey -}}
-- name: certs-init-{{ $index }}
- image: {{ include "repositoryGenerator.image.certserviceclient" $dot }}
- imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
- env:
- - name: REQUEST_URL
- value: {{ $requestUrl | quote }}
- - name: REQUEST_TIMEOUT
- value: {{ $requestTimeout | quote }}
- - name: OUTPUT_PATH
- value: {{ $certPath | quote }}
- - name: OUTPUT_TYPE
- value: {{ $outputType | quote }}
- - name: CA_NAME
- value: {{ $caName | quote }}
- - name: COMMON_NAME
- value: {{ $commonName | quote }}
- - name: SANS
- value: {{ $sans | quote }}
- - name: ORGANIZATION
- value: {{ $organization | quote }}
- - name: ORGANIZATION_UNIT
- value: {{ $orgUnit | quote }}
- - name: LOCATION
- value: {{ $locality | quote }}
- - name: STATE
- value: {{ $province | quote }}
- - name: COUNTRY
- value: {{ $country | quote }}
- - name: KEYSTORE_PATH
- value: {{ $keystorePath | quote }}
- - name: KEYSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ $keystorePasswordSecret | quote}}
- key: {{ $keystorePasswordSecretKey | quote}}
- - name: TRUSTSTORE_PATH
- value: {{ $truststorePath | quote }}
- - name: TRUSTSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ $truststorePasswordSecret | quote}}
- key: {{ $truststorePasswordSecretKey | quote}}
- terminationMessagePath: /dev/termination-log
- terminationMessagePolicy: File
- volumeMounts:
- - mountPath: {{ $certPath }}
- name: cmpv2-certs-volume-{{ $index }}
- - mountPath: {{ $certificatesSecretMountPath }}
- name: certservice-tls-volume
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{- define "common.certServiceClient.volumes" -}}
-{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.cmpv2Certificate.cmpv2Config .initRoot -}}
-{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
-{{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}}
-{{- $certificatesSecretName := $subchartGlobal.platform.certificates.clientSecretName -}}
-- name: certservice-tls-volume
- secret:
- secretName: {{ $certificatesSecretName }}
-{{ range $index, $certificate := $dot.Values.certificates -}}
-- name: cmpv2-certs-volume-{{ $index }}
- emptyDir:
- medium: Memory
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{- define "common.certServiceClient.volumeMounts" -}}
-{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.cmpv2Certificate.cmpv2Config .initRoot -}}
-{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
-{{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}}
-{{- range $index, $certificate := $dot.Values.certificates -}}
-{{- $mountPath := $certificate.mountPath -}}
-- mountPath: {{ $mountPath }}
- name: cmpv2-certs-volume-{{ $index }}
-{{ end -}}
-{{- end -}}
-{{- end -}}
# Enabling CMPv2
cmpv2Enabled: true
- CMPv2CertManagerIntegration: false
certificate:
default:
keystorePasswordSecretKey: password
truststorePasswordSecretName: oom-cert-service-truststore-password
truststorePasswordSecretKey: password
- certServiceClient:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3
- certificatesSecretMountPath: /etc/onap/oom/certservice/certs/
- envVariables:
- certPath: "/var/custom-certs"
- # Certificate related
- caName: "RA"
- # Client configuration related
- requestURL: "https://oom-cert-service:8443/v1/certificate/"
- requestTimeout: "30000"
- outputType: "P12"
certPostProcessor:
image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.3
- name: repositoryGenerator
version: ~8.x-0
repository: 'file://../repositoryGenerator'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: 'file://../serviceAccount'
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
{{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
memory: 4Gi
unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: dgbuilder
+ roles:
+ - read
##
type: ClusterIP
headless: {}
+ internalPort: &dbPort 3306
ports:
- name: mysql
- port: 3306
+ port: *dbPort
headlessPorts:
- name: galera
port: 4567
#!/bin/bash
+
{{/*
# Copyright © 2019 Orange
# Copyright © 2020 Samsung Electronics
while read DB ; do
USER_VAR="MYSQL_USER_${DB^^}"
PASS_VAR="MYSQL_PASSWORD_${DB^^}"
- USER=${!USER_VAR}
- PASS=`echo -n ${!PASS_VAR} | sed -e "s/'/''/g"`
+{{/*
+ # USER=${!USER_VAR}
+ # PASS=`echo -n ${!PASS_VAR} | sed -e "s/'/''/g"`
+ # eval replacement of the bashism equivalents above might present a security issue here
+ # since it reads content from DB values filled by helm at the end of the script.
+ # These possible values has to be constrainted and/or limited by helm for a safe use of eval.
+*/}}
+ eval USER=\$$USER_VAR
+ PASS=$(eval echo -n \$$PASS_VAR | sed -e "s/'/''/g")
MYSQL_OPTS=( -h ${DB_HOST} -P ${DB_PORT} -uroot -p${MYSQL_ROOT_PASSWORD} )
echo "Creating database ${DB} and user ${USER}..."
{{- include "repositoryGenerator.image._helper" (merge (dict "image" "curlImage") .) }}
{{- end -}}
-{{- define "repositoryGenerator.image.certserviceclient" -}}
- {{- include "repositoryGenerator.image._helper" (merge (dict "image" "certServiceClientImage") .) }}
-{{- end -}}
-
{{- define "repositoryGenerator.image.dcaepolicysync" -}}
{{- include "repositoryGenerator.image._helper" (merge (dict "image" "dcaePolicySyncImage") .) }}
{{- end -}}
{{/* Our version of helm doesn't support deepCopy so we need this nasty trick */}}
{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
{{- $repoCreds := "" }}
- {{- if $subchartDot.Values.global.dockerHubRepositoryCred }}
+ {{- if $subchartDot.Values.global.repositoryCred }}
{{- $repo := $subchartDot.Values.global.repository }}
{{- $cred := $subchartDot.Values.global.repositoryCred }}
{{- $mail := default "@" $cred.mail }}
# common global images
busyboxImage: busybox:1.32
curlImage: curlimages/curl:7.69.1
- certServiceClientImage: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3
envsubstImage: dibi/envsubst:1
# there's only latest image for htpasswd
htpasswdImage: xmartlabs/htpasswd:latest
imageRepoMapping:
busyboxImage: dockerHubRepository
curlImage: dockerHubRepository
- certServiceClientImage: repository
envsubstImage: dockerHubRepository
htpasswdImage: dockerHubRepository
jreImage: repository
#!/bin/bash -e
-#
+
# Copyright 2020 Samsung Electronics Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
deploy() {
local ingress_ip=$(ingress_controller_ip)
- pushd "$SPATH/bind9dns" > /dev/null
+ initdir = $(pwd)
+ cd $SPATH/bind9dns
if [ $# -eq 0 ]; then
local cl_domain="simpledemo.onap.org"
else
shift
fi
helm install . --set dnsconf.wildcard="$cl_domain=$ingress_ip" $@
- popd > /dev/null
+ cd $initdir
target_machine_notice_info
}
# Copyright © 2020 Samsung Electronics
+# Copyright (c) 2021 AT&T. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-OUTPUT_DIR := $(ROOT_DIR)/../../dist
+OUTPUT_DIR := $(ROOT_DIR)/../dist
PACKAGE_DIR := $(OUTPUT_DIR)/packages
SECRET_DIR := $(OUTPUT_DIR)/secrets
+HELM_REPO := local
+
EXCLUDES :=
HELM_BIN := helm
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
- @$(HELM_BIN) repo index $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME $(HELM_REPO); fi
+ @sleep 3
clean:
@rm -f */requirements.lock
# Copyright © 2020 Samsung Electronics
+# Copyright (c) 2021 AT&T. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
PACKAGE_DIR := $(OUTPUT_DIR)/packages
SECRET_DIR := $(OUTPUT_DIR)/secrets
+HELM_REPO := local
+
EXCLUDES :=
HELM_BIN := helm
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
- @$(HELM_BIN) repo index $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME $(HELM_REPO); fi
+ @sleep 3
clean:
@rm -f */requirements.lock
*/}}
{{- define "dcaegen2-services-common.shouldUseCmpv2Certificates" -}}
{{- $certDir := default "" .Values.certDirectory . -}}
- {{- if (and $certDir .Values.certificates .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration .Values.useCmpv2Certificates) -}}
+ {{- if (and $certDir .Values.certificates .Values.global.cmpv2Enabled .Values.useCmpv2Certificates) -}}
true
{{- end -}}
{{- end -}}
# Copyright © 2020 Samsung Electronics
+# Copyright (c) 2021 AT&T. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
PACKAGE_DIR := $(OUTPUT_DIR)/packages
SECRET_DIR := $(OUTPUT_DIR)/secrets
+HELM_REPO := local
+
EXCLUDES :=
HELM_BIN := helm
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
- @$(HELM_BIN) repo index $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME $(HELM_REPO); fi
+ @sleep 5
clean:
@rm -f */requirements.lock
# Copyright (c) 2021 J. F. Lucas. All rights reserved.
# Copyright (c) 2021 Nokia. All rights reserved.
+# Copyright (c) 2021 AT&T. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
repository: '@local'
- name: dcaegen2-services-common
version: ~8.x-0
- repository: 'file://../../common/dcaegen2-services-common'
+ repository: '@local'
- name: certManagerCertificate
version: ~8.x-0
repository: '@local'
# It is used only when:
# - certDirectory is set
# - global cmpv2Enabled flag is set to true
-# - global CertManagerIntegration flag is set to true
# - flag useCmpv2Certificates is set to true
# Disabled by default
useCmpv2Certificates: false
# ================================ LICENSE_START =============================
# ============================================================================
# Copyright (C) 2021 Nordix Foundation.
+# Copyright (c) 2021 AT&T. All rights reserved.
# ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v1
appVersion: "Honolulu"
-description: A Helm chart for DCAE PMSH
+description: DCAE PMSH Service
name: dcae-pmsh
-version: 8.0.0
\ No newline at end of file
+version: 8.0.0
repository: '@local'
- name: dcaegen2-services-common
version: ~8.x-0
- repository: 'file://../../common/dcaegen2-services-common'
\ No newline at end of file
+ repository: '@local'
# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# Copyright (c) 2021 AT&T. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
repository: '@local'
- name: dcaegen2-services-common
version: ~8.x-0
- repository: 'file://../../common/dcaegen2-services-common'
+ repository: '@local'
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+appVersion: "Honolulu"
+description: DCAE SliceAnalysis MS charts
+name: dcae-slice-analysis-ms
+version: 8.0.0
+
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~8.x-0
+ repository: '@local'
+ - name: postgres
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~8.x-0
+ repository: '@local'
+ - name: dcaegen2-services-common
+ version: ~8.x-0
+ repository: '@local'
+
-# Copyright © 2021 Nokia
-#
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "dcaegen2-services-common.configMap" . }}
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "dcaegen2-services-common.microserviceDeployment" . }}
-# Copyright © 2021 Nokia
-#
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
-dependencies:
- - name: common
- version: ~8.x-0
- repository: 'file://../common'
- - name: repositoryGenerator
- version: ~8.x-0
- repository: 'file://../repositoryGenerator'
- - name: cmpv2Config
- version: ~8.x-0
- repository: 'file://../cmpv2Config'
+{{ include "common.secretFast" . }}
-# Copyright © 2021 Nokia
-#
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
-apiVersion: v1
-description: Template used to add cmpv2 certificates to components
-name: cmpv2Certificate
-version: 8.0.0
+{{ include "common.service" . }}
--- /dev/null
+# ============= LICENSE_START ================================================
+# ============================================================================
+# Copyright (C) 2021 Wipro Limited.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============= LICENSE_END ==================================================
+
+#################################################################
+# Global Configuration Defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+
+#################################################################
+# Filebeat Configuration Defaults.
+#################################################################
+filebeatConfig:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+
+#################################################################
+# Secrets Configuration.
+#################################################################
+secrets:
+ - uid: &aafCredsUID aafcreds
+ type: basicAuth
+ login: '{{ .Values.aafCreds.identity }}'
+ password: '{{ .Values.aafCreds.password }}'
+ passwordPolicy: required
+ - uid: &pgUserCredsSecretUid pg-user-creds
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-sliceanalysisms-pg-user-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "sliceanalysisms-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+ login: '{{ .Values.postgres.config.pgUserName }}'
+ password: '{{ .Values.postgres.config.pgUserPassword }}'
+ passwordPolicy: generate
+
+################################aafcreds#################################
+# InitContainer Images.
+#################################################################
+tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0
+
+#################################################################
+# Application Configuration Defaults.
+#################################################################
+# Application Image
+image: onap/org.onap.dcaegen2.services.components.slice-analysis-ms:1.0.4
+
+# Log directory where logging sidecar should look for log files
+# if absent, no sidecar will be deployed
+logDirectory: /var/log/ONAP/dcaegen2/services/sliceanalysisms
+
+# Directory where TLS certs should be stored
+# if absent, no certs will be retrieved and stored
+certDirectory: /opt/app/sliceanalysisms/etc/cert/
+
+# TLS role -- set to true if microservice acts as server
+# If true, an init container will retrieve a server cert
+# and key from AAF and mount them in certDirectory.
+tlsServer: true
+
+# Dependencies
+readinessCheck:
+ wait_for:
+ - dcae-config-binding-service
+ - aaf-cm
+ - &postgresName dcae-sliceanalysisms-postgres
+
+# Probe Configuration
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 15
+ timeoutSeconds: 1
+ path: /healthcheck
+ scheme: HTTP
+ port: 8080
+
+# Service Configuration
+service:
+ type: ClusterIP
+ name: dcae-slice-analysis-ms
+ ports:
+ - name: https
+ port: 8080
+ port_protocol: http
+
+# AAF Credentials
+aafCreds:
+ identity: dcae@dcae.onap.org
+ password: demo123456!
+
+credentials:
+- name: AAF_IDENTITY
+ uid: *aafCredsUID
+ key: login
+- name: AAF_PASSWORD
+ uid: *aafCredsUID
+ key: password
+- name: PG_USERNAME
+ uid: *pgUserCredsSecretUid
+ key: login
+- name: PG_PASSWORD
+ uid: *pgUserCredsSecretUid
+ key: password
+
+# Initial Application Configuration
+applicationConfig:
+ aafUsername: ${AAF_IDENTITY}
+ aafPassword: ${AAF_PASSWORD}
+ postgres.host: dcae-sliceanalysisms-pg-primary
+ postgres.port: 5432
+ postgres.username: ${PG_USERNAME}
+ postgres.password: ${PG_PASSWORD}
+ trust_store_path: /opt/app/sliceanalysisms/etc/cert/trust.jks
+ trust_store_pass_path: /opt/app/sliceanalysisms/etc/cert/trust.pass
+ sliceanalysisms.pollingInterval: 20
+ sliceanalysisms.pollingTimeout: 60
+ cbsPollingInterval: 60
+ sliceanalysisms.namespace: onap
+ sliceanalysisms.dmaap.server: ["message-router"]
+ sliceanalysisms.bufferTime: 60
+ sliceanalysisms.cg: sliceanalysisms-cg
+ sliceanalysisms.cid: sliceanalysisms-cid
+ sliceanalysisms.configDb.service: http://config-db:8080
+ sliceanalysisms.configDbEnabled: true
+ sliceanalysisms.aai.url: https://aai.onap.svc.cluster.local:8443/aai/v21
+ sliceanalysisms.cps.url: https://cps:8088
+ sliceanalysisms.samples: 3
+ sliceanalysisms.minPercentageChange: 5
+ sliceanalysisms.initialDelaySeconds: 120000
+ streams_publishes:
+ CL_topic:
+ type: message-router
+ aaf_username: ${AAF_IDENTITY}
+ aaf_password: ${AAF_PASSWORD}
+ dmaap_info:
+ topic_url: https://message-router.onap.svc.cluster.local:3905/events/unauthenticated.DCAE_CL_OUTPUT
+ streams_subscribes:
+ performance_management_topic:
+ type: message-router
+ aaf_username: ${AAF_IDENTITY}
+ aaf_password: ${AAF_PASSWORD}
+ dmaap_info:
+ topic_url: https://message-router.onap.svc.cluster.local:3905/events/org.onap.dmaap.mr.PERFORMANCE_MEASUREMENTS
+ intelligent_slicing_topic:
+ type: message-router
+ aaf_username: ${AAF_IDENTITY}
+ aaf_password: ${AAF_PASSWORD}
+ dmaap_info:
+ topic_url: https://message-router.onap.svc.cluster.local:3905/events/unauthenticated.ML_RESPONSE_TOPIC
+ dcae_cl_response_topic:
+ type: message-router
+ aaf_username: ${AAF_IDENTITY}
+ aaf_password: ${AAF_PASSWORD}
+ dmaap_info:
+ topic_url: https://message-router.onap.svc.cluster.local:3905/events/DCAE_CL_RSP
+
+applicationEnv:
+ STANDALONE: 'false'
+
+# Resource Limit Flavor -By Default Using Small
+flavor: small
+# Segregation for Different Environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
+
+#################################################################
+# Application configuration Overriding Defaults in the Postgres.
+#################################################################
+postgres:
+ nameOverride: *postgresName
+ service:
+ name: *postgresName
+ name2: dcae-sliceanalysisms-pg-primary
+ name3: dcae-sliceanalysisms-pg-replica
+ container:
+ name:
+ primary: dcae-sliceanalysisms-pg-primary
+ replica: dcae-sliceanalysisms-pg-replica
+ persistence:
+ mountSubPath: sliceanalysisms/data
+ mountInitPath: sliceanalysisms
+ config:
+ pgUserName: sliceanalysisms
+ pgDatabase: sliceanalysisms
+ pgUserExternalSecret: *pgUserCredsSecretName
# Copyright (c) 2020 J. F. Lucas. All rights reserved.
+# Copyright (c) 2021 AT&T. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
repository: '@local'
- name: dcaegen2-services-common
version: ~8.x-0
- repository: 'file://../../common/dcaegen2-services-common'
+ repository: '@local'
# Copyright (c) 2021 J. F. Lucas. All rights reserved.
# Copyright (c) 2021 Nokia. All rights reserved.
+# Copyright (c) 2021 AT&T. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
repository: '@local'
- name: dcaegen2-services-common
version: ~8.x-0
- repository: 'file://../../common/dcaegen2-services-common'
+ repository: '@local'
- name: certManagerCertificate
version: ~8.x-0
repository: '@local'
# It is used only when:
# - certDirectory is set
# - global cmpv2Enabled flag is set to true
-# - global CertManagerIntegration flag is set to true
# - flag useCmpv2Certificates is set to true
# Disabled by default
useCmpv2Certificates: false
# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# Copyright (c) 2021 AT&T. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
repository: '@local'
- name: dcae-ms-healthcheck
version: ~8.x-0
- repository: 'file://components/dcae-ms-healthcheck'
+ repository: '@local'
+ #repository: 'file://components/dcae-ms-healthcheck'
condition: dcae-ms-healthcheck.enabled
- name: dcae-pmsh
version: ~8.x-0
- repository: 'file://components/dcae-pmsh'
+ repository: '@local'
+ #repository: 'file://components/dcae-pmsh'
condition: dcae-pmsh.enabled
- name: dcae-prh
version: ~8.x-0
- repository: 'file://components/dcae-prh'
+ repository: '@local'
+ #repository: 'file://components/dcae-prh'
condition: dcae-bootstrap.enabled
- name: dcae-tcagen2
version: ~8.x-0
- repository: 'file://components/dcae-tcagen2'
+ repository: '@local'
+ #repository: 'file://components/dcae-tcagen2'
condition: dcae-tcagen2.enabled
- name: dcae-ves-collector
version: ~8.x-0
- repository: 'file://components/dcae-ves-collector'
+ repository: '@local'
+ #repository: 'file://components/dcae-ves-collector'
condition: dcae-ves-collector.enabled
- name: dcae-hv-ves-collector
version: ~8.x-0
- repository: 'file://components/dcae-hv-ves-collector'
+ repository: '@local'
+ #repository: 'file://components/dcae-hv-ves-collector'
condition: dcae-hv-ves-collector.enabled
+ - name: dcae-slice-analysis-ms
+ version: ~8.x-0
+ repository: '@local'
+ #repository: 'file://components/dcae-slice-analysis-ms'
+ condition: dcae-slice-analysis-ms.enabled
name: {{ include "common.release" . }}-dcae-external-repo-configmap-sa91-rel16
namespace: {{ include "common.namespace" . }}
data:
-{{ (.Files.Glob "resources/external/schema/sa91-rel16/*").AsConfig | indent 2 }}
\ No newline at end of file
+{{ (.Files.Glob "resources/external/schemas/sa91-rel16/*").AsConfig | indent 2 }}
\ No newline at end of file
enabled: true
dcae-ves-collector:
enabled: true
+dcae-slice-analysis-ms:
+ enabled: false
disableNfsProvisioner: true
# application image
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.0.4
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.2.0
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
"ca_cert_configmap": "{{ include "common.fullname" . }}-dcae-cacert"
},
"external_cert": {
- "image_tag": "{{ include "repositoryGenerator.repository" . }}/{{ .Values.cmpv2Config.global.platform.certServiceClient.image }}",
- "request_url": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.requestURL }}",
- "timeout": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.requestTimeout }}",
"country": "{{ .Values.cmpv2Config.global.certificate.default.subject.country }}",
"organization": "{{ .Values.cmpv2Config.global.certificate.default.subject.organization }}",
"state": "{{ .Values.cmpv2Config.global.certificate.default.subject.province }}",
"image_tag": "{{ include "repositoryGenerator.repository" . }}/{{ .Values.cmpv2Config.global.platform.certPostProcessor.image }}"
},
"cmpv2_issuer": {
- "enabled": "{{ .Values.global.CMPv2CertManagerIntegration }}",
+ "enabled": "true",
"name": "{{ .Values.cmpv2issuer.name }}"
}
}
repositoryCred:
user: docker
password: docker
- # Enabling CMPv2 with CertManager
- CMPv2CertManagerIntegration: false
cmpv2issuer:
name: cmpv2-issuer-onap
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.deployments.cm-container:4.5.0
+image: onap/org.onap.dcaegen2.deployments.cm-container:4.6.0
pullPolicy: Always
# name of shared ConfigMap with kubeconfig for multiple clusters
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2019-2021 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
resources:
small:
limits:
- cpu: 2
- memory: 2Gi
+ cpu: 4000m
+ memory: 4Gi
requests:
- cpu: 1
+ cpu: 1500m
memory: 1Gi
large:
limits:
importK8S: plugin:k8splugin?version=>=3.5.1,<4.0.0
importPostgres: plugin:pgaas?version=1.3.0
importClamp: plugin:clamppolicyplugin?version=1.1.0
- importDMaaP: plugin:dmaap?version=1.5.0
+ importDMaaP: plugin:dmaap?version=>=1.5.1,<2.0.0
useDmaapPlugin: false
bpResourcesCpuLimit: 250m
bpResourcesMemoryLimit: 128Mi
"topicName": "PNF_READY",
"topicDescription": "This topic will be used to publish the PNF_READY events generated by the PNF REgistration Handler service in the DCAE platform.",
"owner": "PNFRegistrationHandler",
- "txenabled": false,
+ "tnxEnabled": false,
"clients": [
{
"dcaeLocationName": "san-francisco",
"topicName": "PNF_REGISTRATION",
"topicDescription": "the VES collector will be publishing pnfRegistration events in this topic",
"owner": "VEScollector",
- "txenabled": false,
+ "tnxEnabled": false,
"clients": [
{
"dcaeLocationName": "san-francisco",
"topicDescription": "the topic used to provision the MM agent whitelist",
"replicationCase": "REPLICATION_NONE",
"owner": "dmaap",
- "txenabled": false,
+ "tnxEnabled": false,
"partitionCount": "1",
"clients": [
{
pullPolicy: Always
# application images
-image: onap/dmaap/dmaap-bc:2.0.5
+image: onap/dmaap/dmaap-bc:2.0.6
# application configuration
fi
if [ "$DELAY" = "true" ]; then
echo sleep 3m
- sleep 3m
+ sleep 180
fi
else
array=($(echo "$ALL_HELM_RELEASES" | grep "${RELEASE}-${subchart}"))
;;
esac
-exit 0
\ No newline at end of file
+exit 0
global:
addTestingComponents: &testing true
centralizedLoggingEnabled: ¢ralizedLogging false
- CMPv2CertManagerIntegration: false
cassandra:
enabled: true
mariadb-galera:
# Copyright © 2020 Nordix Foundation
-# Modifications Copyright © 2020 Nokia
+# Modifications Copyright © 2020-2021 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
global:
cmpv2Enabled: true
- CMPv2CertManagerIntegration: true
- platform:
- certServiceClient:
- envVariables:
- # Certificate related
- cmpv2Organization: "Linux-Foundation"
- cmpv2OrganizationalUnit: "ONAP"
- cmpv2Location: "San-Francisco"
- cmpv2State: "California"
- cmpv2Country: "US"
- # Client configuration related
- caName: "RA"
+ certificate:
+ default:
+ renewBefore: 720h #30 days
+ duration: 8760h #365 days
+ subject:
+ organization: "Linux-Foundation"
+ country: "US"
+ locality: "San-Francisco"
+ province: "California"
+ organizationalUnit: "ONAP"
+ issuer:
+ group: certmanager.onap.org
+ kind: CMPv2Issuer
+ name: cmpv2-issuer-onap
# Enabling CMPv2
cmpv2Enabled: true
- CMPv2CertManagerIntegration: false
platform:
certificates:
clientSecretName: oom-cert-service-client-tls-secret
keystorePasswordSecretKey: password
truststorePasswordSecretName: oom-cert-service-certificates-password
truststorePasswordSecretKey: password
- certServiceClient:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3
- certificatesSecretMountPath: /etc/onap/oom/certservice/certs/
- envVariables:
- certPath: "/var/custom-certs"
- # Certificate related
- caName: "RA"
- # Client configuration related
- requestURL: "https://oom-cert-service:8443/v1/certificate/"
- requestTimeout: "30000"
- outputType: "P12"
# Indicates offline deployment build
# Set to true if you are rendering helm charts for offline deployment
- /app/ready.py
args:
- --container-name
- - {{ .Values.config.db.container }}
+ - {{ include "common.mariadbService" . }}
env:
- name: NAMESPACE
valueFrom:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: DB_HOST
- value: {{ .Values.config.db.host }}.{{.Release.Namespace}}
+ value: {{ include "common.mariadbService" . }}.{{.Release.Namespace}}
- name: DB_PORT
- value: {{ .Values.config.db.port | quote}}
+ value: {{ include "common.mariadbPort" . | quote}}
- name: DB_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
- name: DB_SCHEMA
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: DB_HOST
- value: {{ .Values.config.db.host }}.{{.Release.Namespace}}
+ value: {{ include "common.mariadbService" . }}.{{.Release.Namespace}}
- name: DB_PORT
- value: {{ .Values.config.db.port | quote}}
+ value: {{ include "common.mariadbPort" . | quote}}
- name: DB_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
- name: DB_SCHEMA
global: # global defaults
nodePortPrefix: 302
readinessImage: onap/oom/readiness:3.0.1
+ mariadbGalera: {}
subChartsOnly:
enabled: true
# as of 20181022 port 23 is reserved for cmso
# see https://wiki.onap.org/display/DW/OOM+NodePort+List
+mariadb-galera: {}
config:
aaf:
password: pass
# userCredentialsExternalSecret: some-secret
db:
- port: 3306
# rootPassword: pass
# rootPasswordExternalSecret: some secret
user: cmso-admin
- /app/ready.py
args:
- --container-name
- - {{ .Values.config.db.container }}
+ - {{ include "common.mariadbService" . }}
env:
- name: NAMESPACE
valueFrom:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: DB_HOST
- value: {{ .Values.config.db.host }}.{{.Release.Namespace}}
+ value: {{ include "common.mariadbService" . }}.{{.Release.Namespace}}
- name: DB_PORT
- value: {{ .Values.config.db.port | quote}}
+ value: {{ include "common.mariadbPort" . | quote}}
- name: DB_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
- name: DB_SCHEMA
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: DB_HOST
- value: {{ .Values.config.db.host }}.{{.Release.Namespace}}
+ value: {{ include "common.mariadbService" . }}.{{.Release.Namespace}}
- name: DB_PORT
- value: {{ .Values.config.db.port | quote}}
+ value: {{ include "common.mariadbPort" . | quote}}
- name: DB_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
- name: DB_SCHEMA
#################################################################
global: # global defaults
nodePortPrefix: 302
+ mariadbGalera: {}
subChartsOnly:
enabled: true
# as of 20181022 port 23 is reserved for cmso
# see https://wiki.onap.org/display/DW/OOM+NodePort+List
+mariadb-galera: {}
config:
aaf:
password: pass
# userCredentialsExternalSecret: some-secret
db:
- port: 3306
# rootPassword: pass
# rootPasswordExternalSecret: some secret
user: cmso-admin
- name: mariadb-galera
version: ~8.x-0
repository: '@local'
+ condition: global.mariadbGalera.localCluster
- name: mariadb-init
version: ~8.x-0
repository: '@local'
# See the License for the specific language governing permissions and
# limitations under the License.
+global:
+ commonConfigPrefix: "oof-cmso"
+ truststoreFile: "truststoreONAPall.jks"
+ keystoreFile: "org.onap.oof.jks"
+ truststorePassword:
+ authentication: aaf-auth
+ mariadbGalera: &mariadbGalera
+ #This flag allows OOF-CMSO to instantiate its own mariadb-galera cluster
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
+
#################################################################
# Secrets metaconfig
#################################################################
login: '{{ .Values.config.aaf.user }}'
password: '{{ .Values.config.aaf.password }}'
-mariadb-galera:
+mariadb-galera: &localMariadb
replicaCount: 1
nameOverride: &dbName cmso-db
nfsprovisionerPrefix: cmso
serviceAccount:
nameOverride: *dbName
-global:
- commonConfigPrefix: "oof-cmso"
- truststoreFile: "truststoreONAPall.jks"
- keystoreFile: "org.onap.oof.jks"
- truststorePassword:
- authentication: aaf-auth
-
mariadb-init:
- mariadbGalera:
- containerName: *dbName
- serviceName: *dbName
- servicePort: 3306
- userRootSecret: *rootPassword
config:
userCredentialsExternalSecret: *serviceDbCreds
mysqlDatabase: cmso
certInitializer:
<< : *certInitConfig
nameOverride: oof-cmso-service-cert-initializer
+ mariadb-galera: *localMariadb
config:
db:
userCredentialsExternalSecret: *serviceDbCreds
- host: *dbName
- container: *dbName
mysqlDatabase: cmso
aaf:
userCredentialsExternalSecret: *aafCreds
certInitializer:
<< : *certInitConfig
nameOverride: oof-cmso-optimizer-cert-initializer
+ mariadb-galera: *localMariadb
config:
enabled: true
db:
userCredentialsExternalSecret: *optimizerDbCreds
- host: *dbName
- container: *dbName
mysqlDatabase: optimizer
aaf:
userCredentialsExternalSecret: *aafCreds
-{{ if .Values.global.CMPv2CertManagerIntegration }}
+{{ if .Values.global.cmpv2Enabled }}
# ============LICENSE_START=======================================================
# Copyright (c) 2020 Nokia
-{{ if .Values.global.CMPv2CertManagerIntegration }}
+{{ if .Values.global.cmpv2Enabled }}
# ============LICENSE_START=======================================================
# Copyright (c) 2020 Nokia
-{{ if .Values.global.CMPv2CertManagerIntegration }}
+{{ if .Values.global.cmpv2Enabled }}
# ============LICENSE_START=======================================================
# Copyright (c) 2020 Nokia
-{{ if .Values.global.CMPv2CertManagerIntegration }}
+{{ if .Values.global.cmpv2Enabled }}
# ============LICENSE_START=======================================================
# Copyright (c) 2020 Nokia
busyboxRepository: registry.hub.docker.com
busyboxImage: library/busybox:latest
repository: "nexus3.onap.org:10001"
- CMPv2CertManagerIntegration: false
namespace: onap
cmpv2Enabled: true
addTestingComponents: false
- certService:
- certServiceClient:
- secret:
- name: oom-cert-service-client-tls-secret
-
#################################################################
# Application configuration defaults.
#################################################################
#!/bin/bash
+
set -eo pipefail
shopt -s nullglob
mysql_error "Both $var and $fileVar are set (but are exclusive)"
fi
local val="$def"
+ # val="${!var}"
+ # val="$(< "${!fileVar}")"
+ # eval replacement of the bashism equivalents above presents no security issue here
+ # since var and fileVar variables contents are derived from the file_env() function arguments.
+ # This method is only called inside this script with a limited number of possible values.
if [ "${!var:-}" ]; then
- val="${!var}"
+ eval val=\$$var
elif [ "${!fileVar:-}" ]; then
- val="$(< "${!fileVar}")"
+ val="$(< "$(eval echo "\$$fileVar")")"
fi
export "$var"="$val"
unset "$fileVar"
# so that it won't try to fill in a password file when it hasn't been set yet
extraArgs=()
if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
- extraArgs+=( '--dont-use-mysql-root-password' )
+ extraArgs=${extraArgs}( '--dont-use-mysql-root-password' )
fi
if echo 'SELECT 1' |docker_process_sql "${extraArgs[@]}" --database=mysql >/dev/null 2>&1; then
break
# beginning in 10.4.3, install_db uses "socket" which only allows system user root to connect, switch back to "normal" to allow mysql root without a password
# see https://github.com/MariaDB/server/commit/b9f3f06857ac6f9105dc65caae19782f09b47fb3
# (this flag doesn't exist in 10.0 and below)
- installArgs+=( --auth-root-authentication-method=normal )
+ installArgs=${installArgs}( --auth-root-authentication-method=normal )
fi
# "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here)
mysql_install_db "${installArgs[@]}" "${@:2}"
docker_process_sql() {
passfileArgs=()
if [ '--dont-use-mysql-root-password' = "$1" ]; then
- passfileArgs+=( "$1" )
+ passfileArgs=${passfileArgs}( "$1" )
shift
fi
# args sent in can override this db, since they will be later in the command
# If container is started as root user, restart as dedicated mysql user
if [ "$(id -u)" = "0" ]; then
mysql_note "Switching to dedicated user 'mysql'"
- exec gosu mysql "$BASH_SOURCE" "$@"
+ exec gosu mysql "$0" "$@"
fi
# there's no database, so it needs to be initialized
if [ $execscript ]; then
for script in $(ls -1 "$DIR/$SCRIPTDIR"); do
- [ -f "$DIR/$SCRIPTDIR/$script" ] && [ -x "$DIR/$SCRIPTDIR/$script" ] && source "$DIR/$SCRIPTDIR/$script"
+ [ -f "$DIR/$SCRIPTDIR/$script" ] && [ -x "$DIR/$SCRIPTDIR/$script" ] && . "$DIR/$SCRIPTDIR/$script"
done
fi
if [ "${!#}" = "execscript" ]; then
for script in $(ls -1 "$DIR/$SCRIPTDIR"); do
- [ -f "$DIR/$SCRIPTDIR/$script" ] && [ -x "$DIR/$SCRIPTDIR/$script" ] && source "$DIR/$SCRIPTDIR/$script"
+ [ -f "$DIR/$SCRIPTDIR/$script" ] && [ -x "$DIR/$SCRIPTDIR/$script" ] && . "$DIR/$SCRIPTDIR/$script"
done
fi
if [ "${!#}" = "execscript" ]; then
for script in $(ls -1 "$DIR/$SCRIPTDIR"); do
- [ -f "$DIR/$SCRIPTDIR/$script" ] && [ -x "$DIR/$SCRIPTDIR/$script" ] && source "$DIR/$SCRIPTDIR/$script"
+ [ -f "$DIR/$SCRIPTDIR/$script" ] && [ -x "$DIR/$SCRIPTDIR/$script" ] && . "$DIR/$SCRIPTDIR/$script"
done
fi
#!/bin/bash
+
# Copyright 2019 AT&T Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# See the License for the specific language governing permissions and
# limitations under the License.
-THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+THIS_DIR="$( cd "$( dirname "$0" )" >/dev/null 2>&1 && pwd )"
NAMESPACE=
FOLDER=
kubectl --namespace $NAMESPACE cp ${POD}:share/logs/$OUTPUT_FOLDER/summary/results.json "$OUTPUT_DIRECTORY"/results.json
kubectl --namespace $NAMESPACE cp ${POD}:share/logs/$OUTPUT_FOLDER/log.html "$OUTPUT_DIRECTORY"/log.html
-pushd .
+initdir=$(pwd)
# echo -e "import hashlib\nwith open(\"README.md\", \"r\") as f: bytes = f.read()\nreadable_hash = hashlib.sha256(bytes).hexdigest()\nprint(readable_hash)" | python
cd "$OUTPUT_DIRECTORY"
tar -czvf vnf_heat_results.tar.gz *
-popd
+cd $initdir
echo "VNF test results: $OUTPUT_DIRECTORY/vnf_heat_results.tar.gz"
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
requests:
cpu: 3m
memory: 20Mi
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: {{ include "common.fullname" . }}-localtime
hostPath:
cpu: 200m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: sdc-be
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
requests:
cpu: 200m
memory: 300Mi
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-environments
configMap:
ingress:
enabled: false
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: sdc-cs
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
requests:
cpu: 3m
memory: 20Mi
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-localtime
hostPath:
cpu: 80m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: sdc-fe
+ roles:
+ - read
global:
pullPolicy: Always
-image: onap/org.onap.sdc.sdc-helm-validator:1.2.0
+image: onap/org.onap.sdc.sdc-helm-validator:1.2.1
containerPort: &svc_port 8080
config:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
requests:
cpu: 3m
memory: 20Mi
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: {{ include "common.fullname" . }}-localtime
hostPath:
cpu: 80m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: sdc-onboarding-be
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
value: "{{ .Values.config.serverSSLTrustStoreType }}"
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
resources: {{ include "common.resources" . | nindent 12 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
cpu: 80m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: sdc-wfd-be
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
requests:
cpu: 3m
memory: 20Mi
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-localtime
hostPath:
cpu: 80m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: sdc-wfd-fe
+ roles:
+ - read
#!/bin/bash
-{{/*
+{{/*
# Copyright © 2018 Amdocs
#
# Licensed under the Apache License, Version 2.0 (the "License");
-#!/bin/bash
-{{/*
+#!/bin/sh
+{{/*
# Copyright © 2018 Amdocs
#
# Licensed under the Apache License, Version 2.0 (the "License");
- name: certInitializer
version: ~8.x-0
repository: '@local'
- - name: cmpv2Certificate
- version: ~8.x-0
- repository: '@local'
- name: certManagerCertificate
version: ~8.x-0
repository: '@local'
contenttype=application/json
group=myG
id=C1
-timeout=50000
limit=10000
[pnfRegistration]
contenttype=application/json
group=myG
id=C1
-timeout=50000
limit=10000
-#!/bin/bash
-{{/*
+#!/bin/sh
+{{/*
# Copyright © 2018 Amdocs
#
# Licensed under the Apache License, Version 2.0 (the "License");
# limitations under the License.
*/}}
-{{ if and .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }}
+{{ if .Values.global.cmpv2Enabled }}
{{ include "certManagerCertificate.certificate" . }}
{{ end }}
name: {{ include "common.name" . }}-readiness
{{ end -}}
{{ include "common.certInitializer.initContainer" . | indent 6 }}
-{{ include "common.certServiceClient.initContainer" . | indent 6 }}
- name: {{ include "common.name" . }}-chown
image: {{ include "repositoryGenerator.image.busybox" . }}
command:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- if and .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }}
+ {{- if .Values.global.cmpv2Enabled }}
{{- $linkCommand := include "common.certManager.linkVolumeMounts" . }}
lifecycle:
postStart:
value: "{{ .Values.config.sdnr.netconfCallHome.enabled | default "false" }}"
volumeMounts:
{{ include "common.certInitializer.volumeMount" . | indent 10 }}
-{{ include "common.certServiceClient.volumeMounts" . | indent 10 }}
-{{- if and .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }}
+{{- if .Values.global.cmpv2Enabled }}
{{ include "common.certManager.volumeMounts" . | indent 10 }}
{{- end }}
- mountPath: /etc/localtime
emptyDir: {}
{{ else }}
{{ include "common.certInitializer.volumes" . | nindent 8 }}
-{{ include "common.certServiceClient.volumes" . | nindent 8 }}
-{{- if and .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }}
+{{- if .Values.global.cmpv2Enabled }}
{{ include "common.certManager.volumes" . | nindent 8 }}
{{- end }}
volumeClaimTemplates:
service: mariadb-galera
internalPort: 3306
nameOverride: mariadb-galera
- # Enabling CMPv2 with CertManager
- CMPv2CertManagerIntegration: false
#################################################################
# Secrets metaconfig
dbServiceName: mariadb-galera
# This should be revisited and changed to plain text
dgUserPassword: cc03e747a6afbbcbf8be7668acfebee5
+ serviceAccount:
+ nameOverride: sdnc-dgbuilder
mariadb-galera:
service:
name: sdnc-dgbuilder
- name: soHelpers
version: ~8.x-0
repository: 'file://../soHelpers'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
nodeSelector: {}
tolerations: []
affinity: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: so-admin-cockpit
+ roles:
+ - read
- name: soHelpers
version: ~8.x-0
repository: 'file://../soHelpers'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
+
mountPath: /app/config
readOnly: true
{{ include "so.helpers.livenessProbe" .| indent 8 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
key: VIlbtVl6YLhNUrtU
secret: 64AG2hF4pYeG2pq7CT6XwUOT
service: ueb
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: so-appc-orchestrator
+ roles:
+ - read
- name: soHelpers
version: ~8.x-0
repository: 'file://../soHelpers'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
mountPath: /var/log/onap/so
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
nodeSelector: {}
tolerations: []
affinity: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: so-bpmn-infra
+ roles:
+ - read
- name: soHelpers
version: ~8.x-0
repository: 'file://../soHelpers'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
nodeSelector: {}
tolerations: []
affinity: {}
+
+serviceAccount:
+ nameOverride: so-catalog-db-adapter
+ roles:
+ - read
+
- name: soHelpers
version: ~8.x-0
repository: 'file://../soHelpers'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
successThreshold: {{ index .Values.livenessProbe.successThreshold}}
failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
- name: logs
emptyDir: {}
tolerations: []
affinity: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: so-cnf-adapter
+ roles:
+ - read
- name: soHelpers
version: ~8.x-0
repository: 'file://../soHelpers'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
successThreshold: {{ index .Values.livenessProbe.successThreshold}}
failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
ports: {{ include "common.containerPorts" . | nindent 12 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
- name: logs
emptyDir: {}
tolerations: []
affinity: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: so-etsi-nfvo-ns-lcm
+ roles:
+ - read
- name: soHelpers
version: ~8.x-0
repository: 'file://../soHelpers'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
- containerPort: {{ .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
nodeSelector: {}
tolerations: []
affinity: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: so-etsi-sol003-adapter
+ roles:
+ - read
- name: soHelpers
version: ~8.x-0
repository: 'file://../soHelpers'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
- containerPort: {{ .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
nodeSelector: {}
tolerations: []
affinity: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: so-etsi-sol005-adapter
+ roles:
+ - read
- name: readinessCheck
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
readOnly: true
- name: backup-storage
mountPath: /var/data/mariadb
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
mountPath: /dockerdata-nfs
mountSubPath: so/migration
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: so-mariadb
+ roles:
+ - read
- name: soHelpers
version: ~8.x-0
repository: 'file://../soHelpers'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
successThreshold: {{ index .Values.livenessProbe.successThreshold}}
failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
- name: logs
emptyDir: {}
nodeSelector: {}
tolerations: []
affinity: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: so-nssmf-adapter
+ roles:
+ - read
- name: soHelpers
version: ~8.x-0
repository: 'file://../soHelpers'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
mountPath: /var/log/onap/so
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
nodeSelector: {}
tolerations: []
affinity: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: so-oof-adapter
+ roles:
+ - read
- name: soHelpers
version: ~8.x-0
repository: 'file://../soHelpers'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
mountPath: /var/log/onap/so
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
nodeSelector: {}
tolerations: []
affinity: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: so-openstack-adapter
+ roles:
+ - read
- name: soHelpers
version: ~8.x-0
repository: 'file://../soHelpers'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
nodeSelector: {}
tolerations: []
affinity: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: so-request-db-adapter
+ roles:
+ - read
- name: soHelpers
version: ~8.x-0
repository: 'file://../soHelpers'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
mountPath: /var/log/onap/so
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
nodeSelector: {}
tolerations: []
affinity: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: so-sdc-controller
+ roles:
+ - read
- name: soHelpers
version: ~8.x-0
repository: 'file://../soHelpers'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
mountPath: /var/log/onap/so
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
nodeSelector: {}
tolerations: []
affinity: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: so-sdnc-adapter
+ roles:
+ - read
- name: soHelpers
version: ~8.x-0
repository: 'file://../soHelpers'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
successThreshold: {{ .Values.livenessProbe.successThreshold}}
failureThreshold: {{ .Values.livenessProbe.failureThreshold}}
ports: {{- include "common.containerPorts" . | nindent 10 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
- name: logs
emptyDir: {}
nodeSelector: {}
tolerations: []
affinity: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: so-ve-vnfm-adapter
+ roles:
+ - read
version: ~8.x-0
repository: 'file://components/so-etsi-sol005-adapter'
condition: so-etsi-sol005-adapter.enabled
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
trap "kill -QUIT $JBOSS_PID" QUIT
trap "kill -PIPE $JBOSS_PID" PIPE
trap "kill -TERM $JBOSS_PID" TERM
-if [ "x$JBOSS_PIDFILE" != "x" ]; then
+if [ "$JBOSS_PIDFILE" != "" ]; then
echo $JBOSS_PID > $JBOSS_PIDFILE
fi
# Wait until the background process exits
# Wait for a complete shudown
wait $JBOSS_PID 2>/dev/null
fi
-if [ "x$JBOSS_PIDFILE" != "x" ]; then
+if [ "$JBOSS_PIDFILE" != "" ]; then
grep "$JBOSS_PID" $JBOSS_PIDFILE && rm $JBOSS_PIDFILE
fi
mountPath: /var/log/onap/so
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
so-etsi-sol003-adapter:
enabled: true
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: so
+ roles:
+ - read